IITCase Study

Building Intelligent Networks
A Case Study Of A Case Study Of INDIAN INSTITUTE OF TECHNOLOGY INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR KHARAGPUR
Dedicated to the Service of the Nation
HCL COMNET LIMITED HCL COMNET LIMITED
Implemented By Implemented By
Confidential & Proprietary Documents ALL rights reserved by HCL COMNET Ltd.
Page 1
15/12/2002
DOCUMENT DETAILS
Document Title Version Date Created by Project Manager IIT Kharagpur Case Study 1.0 15/12/2002 Sukanta Das, Sr. Engineer WAN Operation E-mail: SukantaD@hclcomnet.co.in Mr. Bhaskar Dasgupta, National Project Manager E-Mail: b_dasgupta@hclcomnet.co.in Partha Goswami, RM - TSG E-mail: ParthaG@hclcomnet.co.in Sudipto Chowdhury, Network Specialist E-mail: SudiptoC@hclcomnet.co.in Abhijit Datta, Sr. Engineer-WAN Operation E-Mail: AbhijitD@hclcomnet.co.in Sukanta Das, Sr. Engineer-WAN Operation E-Mail: SukantaD@hclcomnet.co.in
Project Members
Reference Modified by
www.cisco.com
Suggestion / Comments
Revision History: Revision Number 1.0 Date 27/12/2002 Changes -
Page 2
15/12/2002
TABLE OF CONTENTS
Sl No
1 2 3 4 5 6 7 8 9 10 11 12 13 14 (A) (B) (C) (D) (E) (F) (G) (H) 15 16 (A) (B) (C) (D) 17 (A) (B) 18 # # # 19 20 21 (1) (2) (3) (4) (5) (6)
Content Details
Introduction Institute History Campus Location The Networking Era Campus Map The Need Network Design Project Overview How we have implemented the Entire Network IIT Kharagpur Campus Network Schematic Central Network Room Schematic Network Schematic of some Departments Network Schematic of some Hostel/Halls Configuration details of Central Network Equipments Academic CORE Switch Academic DISTRIBUTION Switch Hostel CORE 1 Hostel CORE 2 Thaicom Gateway Router 7507 Cisco PIX Firewall with Failover Cisco Catalyst 5509 VSNL Router Cache Engine COMPUTER Sc. 2948 GL3 Distribution Switch Configuration Access/Edge Switch Configuration of some Departments ARCHITECTURE IE & M NAVAL CRF Distribution Switch Configuration details of some Hostels NEHRU Hall of Residence PATEL Hall of Residence Some Important Feature of the Network Redundancy of Supervisor Engine QOS Implementation Cache-Engine Implementation Network Components installed across the Network Appreciation Letter & Sign-Off Glossary Cisco Catalyst 6500 Series Data sheet Catalyst 600 Family Gigabit Ethernet Module Data Sheet Switch Fabric Module Data Sheet Distributed Forwarding Card for the Catalyst 6500 Data Sheet Catalyst 6000 Intrusion Detection System Module Data Sheet Configuring Catalyst 6509 Switch as DHCP Server
Page No
4 4 5 5 6 6 7-8 8-9 10 11 11 12-16 17-19 20-64 20-26 27-39 40-46 47-52 53-56 57-59 60-62 63-64 65-75 76-87 76-78 79-81 82-84 85-87 88-102 88-94 95-102 103-119 103-104 105-108 109-119 120 121-123 124-148 124 125 128 130 133 136
Page 3
15/12/2002
1. INTRODUCTION IIT Kharagpur located about 125 KM south of Calcutta, is Indias Premier Technology Institution. Established in 1951, the institute boasts of 18 Academic Departments and 5 Centers of excellence. The vast campus, spanning over 2100 Acres has a selfcontained township of over 15,000 inhabitants. Currently there are about 450 Faculty, 2200 Employees and 4000 Students on the campus. IIT Kharagpur has best of computing platforms of the like HCL/HP/COMPAQ/IBM/ SUN/DIGITAL/SGI/PARAM. There are about 200+ Servers and 200+ High-end Workstation and 5500+ PCs in the whole network. These are used for high end computing and R&D activities along with the associated general activities in the campus. 2. INSTITUTE HISTORY The history of the IIT system dates back to 1946 when a committee was set up by Hon'ble Sir Jogendra Singh, Member of the Viceroy's Executive Council, Department of Education, Health and Agriculture to consider the setting up of Higher Technical Institutions for post war industrial development in India. The 22 member committee headed by Sri N.R.Sarkar, in its report, recommended the establishment of four Higher Technical Institutions in the Eastern, Western, Northern and Southern regions, possibly on the lines of the Massachusetts Institute of Technology, USA, with a number of secondary institutions affiliated to it. The report also urged the speedy establishment of all the four institutions with the ones in the East and the West to be started immediately. The committee also felt that such institutes would not only produce undergraduates but they should be engaged in research, producing research workers and technical teachers as well. The standard of the graduates should be at par with those from first class institutions abroad. They felt that the proportion of undergraduates and postgraduate students should be 2:1. With the above recommendations of the Sarkar committee in view, the first Indian Institute of Technology was born in May 1950 in Hijli, Kharagpur, in the eastern part of India. Initially the IIT started functioning from 5, Esplanade East, Calcutta and very soon shifted to Hijli in Sept. 1950. The present name 'Indian Institute of Technology' was adopted before the formal inauguration of the Institute on August 18, 1951, by Maulana Abul Kalam Azad. IIT Kharagpur started its journey in the old Hijli Detention Camp where some of our great freedom fighters toiled and sacrificed their lives for the independence of our country. The history of IIT Kharagpur is thus intimately linked with the history of the Hijli Detention Camp. This is possibly one of the very few Institutions all over the world, which started life in a prison house.
Confidential & Proprietary Documents ALL rights reserved by HCL COMNET Ltd. Page 4 15/12/2002
Pandit Nehru in his first convocation address in 1956 said "Here in the place of that Hijli Detention Camp stands the fine monument of India, representing India's urges, Indias future in the making. This picture seems to me symbolical of the changes that are coming to India." 3. CAMPUS LOCATION The Indian Institute of Technology, Kharagpur is located 116 kms. west of the metropolis of Calcutta. Kharagpur is extremely well connected by rail to all the four metropolis as it lies on the Howrah Bombay, Howrah Madras and Delhi-Puri line. Regular train services to Hyderabad and Bangalore are also available. Fast and regular suburban trains connect Kharagpur to Calcutta. The Institute is situated 4 kms. from the Kharagpur railway station. Autorickshaws and Taxis provide reliable, fast and the round the clock transport between the station and the campus. The Institute also provides regular bus services to the station. 4. IIT Kharagpur NETWORKING ERA (1994 2001) HCL Comnet set up the first ATM network for IIT Kharagpur in 1996. The network was built with 3 Centralized 100 OC-3 ATM switches on the Core running PNNI routing. The departments had installed a Centralized 100 ATM switch with UNI routing to the core, also acting as a LANE server version. IIT decided to move from ATM to Gigabit Ethernet backbone. This task was handed over to CMC. However, CMC failed to live upto IITs expectations. IIT got the product but not the integration expertise. HCL Comnet swung back to action again with a tie up with Cisco and got a preferred partner status in the East due to high technical know-how and network design skills. The Academic Campus network Upgradation & Expansion contract was given to HCL Comnet for designing state of the art Multiservice Network for Student Campus Network. The next phase was to integrate the Student Campus Network with the Academic Network. A classic ATM & IP integration was developed as a solution, as ATM was still being extensively used in the existing network, for research and development activities. IIT also froze its plans for setting up a new state of the art at Computer Center. HCL Comnet designed a state of the art Networking Infrastructure for the new building encompassing the entire Data Center & Telecom infrastructure for IIT campus. HCL Comnet also installed a Satellite Earth Station for providing 5 Mbps of raw Internet bandwidth from International Network Access Point (NAP) from Thaicom.
Page 5
15/12/2002
5. CAMPUS MAP
6. THE NEED IIT Kharagpur wanted to computerize its student campus to provide high-speed network connectivity. The idea was to facilitate training, technical education, information sharing through high-speed Internet access, e-mails and access to existing IIT campus network. The network had to be flexible to allow access from each and every students room of the hostel and provide unrestricted access without necessitating presence at specific physical location.
Page 6
15/12/2002
7. THE NETWORK DESIGN The network designed for IIT-Kharagpur is a Multiservice Switched network, which can be used for converging Data, Voice & Video over the IP network. The network is modular and Hierarchical with a Multi-Layer model. Core Layer: (A) High-speed transport. (B) Redundant with dual homing from the Distribution. (C) OSPF routing with load balancing. Distribution Layer: (A) (B) (C) (D) (E) L3/L4 switching enabling Policy based Networking. Content Engine at Edges for Content delivery networking. Gigabit speed connectivity to the Access layer. Fast converging routing protocol for optimal IP traffic management. Inter VLAN routing and VACLs.
Access Layer: (A) 10/100 Mbps Fast Ethernet access to the desktop. (B) Inline power for powering IP phones over copper cables. (C) Layer 2 Qos. Server Farm: (A) (B) (C) (D) (E) High-speed access to centralized computing resources. Accelerated Server Load Balancing. WCCP 2 support for web redirection. Real time Intrusion Monitoring. Faster access through Giga Etherchannel.
Video Services: (A) Multiservice Video streaming services. (B) Video on demand. (C) Archive for Media files. Content Delivery Services: (A) (B) (C) (D) (E) Smart content pushing. Pre-emptive content delivery. Reduce the access time. Centralized Content Manager. Local caching or frequently accessed content.
Page 7 15/12/2002
(F) Saves costly Internet Bandwidth. Gateway Router: (A) (B) (C) (D) Load sharing & Load balancing. Network based application recognition. Committed access rate & WAN traffic shaping. WAN probe for bandwidth monitoring of Satellite bandwidth.
8. PROJECT OVERVIEW Phase I - Academic Part: HCL COMNET installed high speed ATM backbone in the year of 1997. It was done by ATM switches and managed HUBs. Latter in the year of 1999 backbone link speed was upgraded to Gigabit Ethernet by CMC. There two no of Cisco 6006 switches was used as Core switch. The Edge switches were Cisco 2924 MXL to provide the main departmental distribution. The edge access device was Hub. The Internet was terminated at Cisco 5509 switch. The existing ATM network was also integrated at the Cisco 5509 switch. In the year of 2001 the network was upgraded with forcing functionality. a) Network upgraded from layer II to layer III by changing the supervisory engine of existing 6006 switch. b) New 6506 switch also installed for the distribution, which does the interdepartmental VLAN routing. c) Six major department distribution switch upgraded by layer III Cisco 2948 switch. d) To enhance the multiple VLAN in a single department, previous 2924 MXL switch replaced by 3524 switch. e) Previous departmental 10 base FL link upgraded to Gigabit Ethernet by replacing the Hub by redundant 2924 MXL switch. f) To integrate multiple Distribution switch at CIC, one Core switch (Cisco 6509) has been installed at central network room. Each year lightning was damaging the lot of active components. It was identified that Surges are mainly coming from the external copper wire such as UTP and Thick Ethernet. These kinds of links have been upgraded to Optical fiber to avoid repeated problem. We have also installed stand alone UPS on input of the switch where central UPS power is not available. Phase II Hostel/Foundation Part: The student hostels with computer center and server farm were integrated through high-speed Gigabit infrastructure. The hostel was interlinked with Layer-3 aggregation Switch and local Servers. Edge switches, which connect to the student workstation, aggregated the end connection to the Distribution Switch (Cat-6509). Two high-speed Layer-3 Core Switches were installed at central site for redundancy. The Core switches facilitated high-speed transport for the Campus infrastructure. Common Servers in the network were
connected to a high-speed Server-Farm (Cat-6506) switch. An intrusion detection system ensured security on the server-farm switch. An ATM MPOA server was deployed to integrate the existing R&D ATM network into Gigabit network. The voice, video and data application were integrated with a converged Internet Protocol (IP) solution to provide high-availability network with video server facility for lectures and self study materials. High-speed Content Engines were deployed all the hostels for caching multimedia information. A central Content Distribution Manager provided centralized control, push-pull facility and content management across the network. Redundant Firewall (PIX-525) was installed for secure access to Internet as well as Intranet. Access to the Core network was controlled at the Distribution switches through access control list. Cisco Secure Policy Manager was used to manage the security policy across the network. The Trend Micro Enterprise Suite yet to be installed for centralized Virus Control. Modular, Cost-effective, Growth was proposed in End connections, bandwidth and application. The current network infrastructure is scalable to 10 Gigabit Ethernet Network.
Page 9
15/12/2002
9. How we have implemented the Entire Network We had set-up one test bed in Mechanical Dept of IIT Kharagpur for implementing of Hostel Network & connect the same network with Academic network.
TEST BED SET-UP
VLAN 600 3/1 (10.200.3.1) Core Switch(1) 6509 3/3 (10.200.5.1) 3/2 (10.200.2.2) 3/1 (10.200.3.2) Core Switch(2) 6509
60 1
3/2 (10.200.1.2)
3/3 (10.200.4.1)
VL AN
60 4
VL AN
3/1 (10.200.1.1)
N6 VLA
02
VLA N
60
3/1 (10.200.4.2)
3/2 (10.200.2.1) Distribution Switch 6509
3/2 (10.200.5.2) Distribution Switch 6509
Area 0
Ar
ea 2
a1 A re
Edge Switch 3524 Port no 1 12 VLAN 700 - 710 Port no 13 24 VLAN 711 - 720
Page 10
15/12/2002
10. IIT Kharagpur CAMPUS NETWORK SCHEMATIC
Ed g e Sw it ch De pa rt me nt M a jo r De pa rt me n t s Dist rib ut io n Sw it ch 2 M b ps VS NL Link C is co 2 9 4 8 - L3 VS N L R o u t e r C isco 5 5 0 9
A T M S w it c h
De pt. Dis trib u t io n S w it che s
C isco 4 00 6
C OR E 1 E d g e S w itch D e p a rtme n t C OR E 3 C isco P IX w it h F a ilo v e r
C OR E 2
5 M b ps Th a ico m Lin k
Server Farm
Se rve rs
To t a l 1 4 H o st e l Dis t rib ut ion Sw it ch
C is co 7 5 0 7 G a t e w ay R o ute r
C a che E n gin e
C o n te n t En gine
Ed ge Sw it ch Ho s te l
E d g e S w it ch
E d g e S w itch
E d g e S w itch Ho st e l
11. CENTRAL NETWORK ROOM SCHEMATIC
CS E , L ib ra r y , M e c h a n ic a l, Che m ic a l, E le c t r ic a l w he r e Ca t - 294 8 h a s be e n ins t a lle d V s nl L in k C is c o - 5 5 09

4/ 16
A T M S w it c h
4/ 15
Fa ilo v e r
C- D O T H UB Po r t - 11 Po rt A x 100 Tx Rx
1-6
Po r t- 9
P IX
18 - 23
Ca t - 192 4
3/ 2 A c a d e m ic C O R E 650 9 C E - 59 0
3/ 3
3/ 1
Sa t e llit e M o de m
DV B Re c e iv e r
G 0/ 1 3/ 16
3/ 16
Ne t w o r k La b Ca t - 352 4
F. E 4/ 0/ 0 Ho s t e l C O R E - 1 650 9 Ho s t e l C O R E - 2 650 9 D is t rib ut io n 6 50 6 Ot h e r De p a r t me n t s T ha ic o m Ga t e w a y Ro ut e r - 7 50 7
1 4 Ho s t e l D is t . S w it c he s
Page 11
15/12/2002
F. E 1 / 0 / 0
3/ 13
S 1/ 1/ 0
3/ 15
12. NETWORK SCHEMATIC Of SOME DEPARTMENTS
L I B R AR Y
6 C o r e S M F fr o m C IC
Ca t 2 9 4 8 L3 S w it c h 1 0 . 1 7 . 1 .2
E L E C T R O N IC L IB R A R Y M A Z E NI N E FL O O R Ca t 1 9 2 4 S w it c h 1 0 . 1 7 . 2 .1 C a t 1 9 2 4 S w it c h 1 0 . 1 7 . 3 .1
8 Po rt H UB Ch a ir m a n R o o m
8 Port H UB Ne a r G a t e
8 Po r t H UB K. K . P a n d a R o o m
ELECTRICAL
12 Core SMF fro m CIC TDM Lab
TDM Lab 16 Port HUB 6 Core SMF towards TDM Lab
Co mputer Contro l La b Cat 2948 L3 Switch 10.9.1.2
N 23 7 16 Port HUB
Energy Lab, Gnd Floor 12 Port Hub
SA I Lab Cat 1924 Switch 10.9.3.1
Po wer Syste m La b Cat 1924 Switch 10.9.2.1
Po wer Syste m La b 8 Port HUB
Page 12
15/12/2002
CIVIL
6 Core M M F
Cat 35 24 X L EN (10. 19. 1.1) Co mputer Ro o m Cat 19 24 S w itch (10. 19. 4.1) 2 n d Floor Enviro n me nt al Lab Cat 19 24 S w itch (10. 19. 3.1) Co mputer Ro o m
A UI/ FL Cat 19 24 S w itch (10. 19. 5.1) Structural Lab
Con nected fro m Cry oge n ic
8 Port HUB Trans portation Lab Cat 19 24 S w itch (10. 19. 2.1) Fou ndat ion Engg .
10 Core SMF fro m CIC
ARCHITECHTURE & SMT
FMT - 1
FMT - 2
SMT Mult ime d ia La b 1st Floor
Access VLA N 1 8 from CIC Dis tribution 4/15 F 0/23
6 Core SMF towards CET
G 0/1 Co mputer Ro o m Ground Floor FMT
Cat-2924 MXL (10.27.1.2)
Access VLA N 4 0 from CIC Dis tribution 4/14 G 0/1

Fr o m F 0/24
UP- Lin k Crossover UTP Cab le E 0/ 24 Roo m C-206 1st Floor Cat-1924 (10. 27.2.1)
Cat-2924 MXL (10.54.1.1)
8 Port HUB Library Roo m Ground Floor A RCHITECTURE
Page 13
15/12/2002
12 Core SMF from CIC
CRF & NAVAL

NA VAL Computer Room, 1st Floor
12 1 6
ST - ST
ST - SC
ST - SC
1 6
F 0/23 6 Core SMF towards Nava l
F 0/24
Trunk- VLA N 11 CIC Dist. 4/10 G 0/1
Cat 3524 XL EN (10.24.1.1) Access- VLA N 17 from CIC Distribut ion 4/11 G 0/1 Fiber Opt ic La b Ground Floor Cat 2924 MX L (10.42.1.2) Cat 1924 (10.24.2.1) UP- Link Crossover UTP Cable F 0/24
UP- Link Crossover UTP Cable
CRF
OSTC 1st Floor
16 Port HUB
M IN IN G , FO U N DR Y , W ATE R W O RK S
6 Co r e S M F fr o m C IC 6 Co r e S M F M I NI N G FO U ND R Y
To w a r ds Fo u ndr y
S T - SC
To wa rds W a t e r W o rks
MC FO - UT P
A cce s s V LA N 1 6 fr o m C IC D is t . 4/ 8 G 1/ 1 MC UT P - FO Ca t 29 24 M X L (10. 32. 1.2)
MC UT P - FO
6 Co r e S M F
8 Po rt HU B HOD R o o m
8 Po rt HU B Pro f. J .Bs R oo m
8 Po rt HU B R es ea rc h S cho la r R oom
MC FO - UT P
W A TER W O R KS
Page 14
15/12/2002
12 Core S M F fro m C IC
IEM & VGSOM
6 Core t owar ds V GS O M V GS OM Gn d Floor Co mput er La b Cat 35 24 X L EN (10. 43. 1.1) 6 Core Fiber t owards IS R O
IEM G nd Floor C om pute r La b

Cat 35 24 X L EN (10. 29. 1.1)
Board Roo m 2 nd Floor Cat 19 24 S w it ch (10. 43. 3.1)
Dea ns Roo m 1 s t Floor Cat 19 24 S w itch (10. 43. 2.1)
Ca t 19 24 S w it ch (10. 29. 2.1) 8 Port HUB Prof. D. Chate r jee 2 nd Floor
IEM Gn d Floor Wor ks tat ion Lab
8 Port HUB Res earch Sc ho la r La b 1 s t Floor
IE & M
Cat 19 24 S w itch (10. 29. 3.1)
VGSOM
CRYOGENIC & Foundation Engg.(CIVIL)

6 Core SMF fro m CIC
CRY O GE NIC
Foundat ion Engg . (CIV IL)
SC - SC
6 Core SMF towards F. Engg.

1 6 1 6
Trunk VLA N 23/24 fro m CIC Dist. 3/8 Co mputer Ro o m 1st Floor F 0/24
ST - ST ST - ST MC FO - UTP MC UTP - FO
Cat-2924 MXL E N (10.36. 1.2)
A ccess VLA N 24 F 0/23 Cat-1924 (10.19.2.1)
UP- Link Crossover UTP Cable PED Lab 1st Floor Cat-1924 (10. 36. 2.1)
Cryogenic : VLA N 23 Foundat ion Engg .(Civ il) : VLA N 24
Page 15
15/12/2002
Aerospace & Material Sc.

12 Core S M F fro m C IC A ER OS PA CE W IND LA B MA TER IA L SC.
6 Core M M F to wards W ind LA B
Cat 35 24 X L EN (10. 25. 1.1) A erospace Co mp uter Lab
A UI/ FL 16 Port Sy nopt ic HUB W IND LA B
Cat 29 24 MX L (10. 39. 1.1) Mat. Sc. Co mputer Roo m
Cat 19 24 S w it ch (10. 25. 2.1) A erospace Co mp ute r Lab
A UI/ FL
Physics Mathematics - Chemistry

6 Core S MF fro m CIC MA THEMA TICS CHEMIS TRY
12 Core SMF fro m CIC 6 Core SMF fro m CIC PHYSICS
Cat 35 24 X L EN (10.33.1.1) Co mputer Ro o m
Cat 29 24 MX L (10.28.1.2) Che mistry Co mputer LA B
Cat 35 24 X L EN (10.23.1.1) MA TH - LA B - 1
12 Core SMF to wards Te leco m
Cat 1924 Switch (10.33.2.1) Phys ics - OFFICE
Cat 19 24 Switch (10.23. 2.1) MA TH - LA B - 1
Cat 19 24 S witch (10. 23.3.1) MA TH - LA B - 2
Cat 1924 Switch (10.23.4.1) Not yet Installed
Page 16
15/12/2002
13. NETWORK SCHEMATIC Of SOME HOSTELS
BCR HALL BCR HALL
PORT 3 / 11 IP ADD 10. 200. 31.0
MGT IP: 10. 200 .1 . 102
PORT 3 / 11
IP ADD 10. 200. 32. 0
VLAN 632
6509 CORE 1
VLAN 631
PORT 3 / 15 IP ADD 10. 200. 31. 0

3/ 1 3/ 2 3/ 3 3/ 4 3/ 5 3/ 6 3/ 7
PORT 3 / 16 IP ADD 10. 200. 32. 0
6509 CORE 2
6509 DISTRIBUTION
3 / 10 3/ 8 3/ 9
1.E-BLOCK 2.GND FL 3.VLAN NO 750 . 4.MGT IP10.200.1.1 5.HOST NAM E BCR_E_GN D.
1.E-BLOCK 2.1ST+2ND FL 3.VLAN NO 751 . 4.MGT IP10.200.1.3 5.HOST NAM E BCR_E_1ST.
1.S-BLOCK 2.GND FL 3.VLAN NO 752 . 4.MGT IP10.200.1.4 5.HOST NAM E BCR_S_GND .
1.S-BLOCK 2.1ST+2ND FL.. 3.VLAN NO 753 . 4.MGT IP10.200.1.5 5.HOST NAM E BCR_S_1ST.
1.NEBLOCK 2.GND FL 3.VLAN NO 754 . 4.MGT IP10.200.1.6. HOST NAM E BCR_NE_G ND.
1.NEBLOCK 2.1ST+2ND FL . 3.VLAN NO 755 . 4.MGT IP10.200.1.7. HOST NAM E BCR_NE_1S T.
1.NWBLOCK 2.GND FL 3.VLAN NO 756 . 4.MGT IP10.200.1.8. HOST NAM E BCR_NW_G ND.
1.NWBLOCK 2.1ST+2ND FL . 3.VLAN NO 757 . 4.MGT IP10.200.1.9. HOST NAM E BCR_NW_1S T.
1.W-BLOCK 2.GND FL 3.VLAN NO 758 . 4.MGT IP10.200.1.10.H OST NAM E BCR_W_GN D.
1.W-BLOCK 2.1ST+2ND FL . 3.VLAN NO 759 . 4.MGT IP10.200.1.11.H OST NAM E BCR_W_1ST .
AZAD HALL AZAD HALL
PORT 3 / 1 IP ADD 10. 200. 11.0
MGT IP: 10. 200 .1 . 101
PORT 3 / 1
IP ADD 10. 200. 12. 0
VLAN 612
6509 CORE 1
VLAN 611
PORT 3 / 15 IP ADD 10. 200. 11. 0

3/1 3/2 3/3 3/4 3/5 3/6 3/7
PORT 3 / 16 IP ADD 10. 200. 12. 0
6509 CORE 2
6509 DISTRIBUTION
3 / 10 3/8 3/9
1.A-BLOCK 2.GND FL 3.VLAN NO 830 . 4.MGT IP10.200.1.100 5.HOS T NAME AZAD_ A_G ND.
1.B-BLOCK 2.GND FL 3.VLAN NO 831 . 4.MGT IP10.200.1.88 5.HOS T NAME AZAD_B_GN D.
1.B-BLOCK 2.1S T FL 3.VLAN NO 832 . 4.MGT IP10.200.1.89 5.HOS T NAME AZAD_B_1S T.
1.B-BLOCK 2.2ND FL 3.VLAN NO 833 . 4.MGT IP10.200.1.90 5.HOS T NAME AZAD_B_2N D.
1.C-BLOCK 2.GND FL 3.VLAN NO 834 . 4.MGT IP10.200.1.91. 10.200.1.92. HOS T NAME AZAD_C_GN D AZAD_C_GN D1.
1.C-BLOCK 2.1S T FL 3.VLAN NO 835 . 4.MGT IP10.200.1.93. HOS T NAME AZAD_C_1S T.
1.C-BLOCK 2.2ND FL 3.VLAN NO 836 . 4.MGT IP10.200.1.94. 10.200.1.95. HOS T NAME AZAD_C_2N D AZAD_C_2N D1.
1.D-BLOCK 2.GND FL 3.VLAN NO 837 . 4.MGT IP10.200.1.96. HOS T NAME AZAD_D_G ND.
1.D-BLOCK 2.1S T FL 3.VLAN NO 838 . 4.MGT IP10.200.1.97. 10.200.1.98 HOS T NAME AZAD_D_1ST .AZAD_D_1ST 1
1.D-BLOCK 2.2ND FL 3.VLAN NO 839 . 4.MGT IP10.200.1.99. HOS T NAME AZAD_D_2 ND.
Page 17
15/12/2002
MBM & SN HALL MBM & SN HALL
PORT 3 / 12 IP ADD 10. 200. 33.0
MGT IP: 10. 200 .1 . 107
PORT 3 / 12
IP ADD 10. 200. 34. 0
VLAN 634
6509 CORE 1
VLAN 633
PORT 3 / 15 IP ADD 10. 200. 33. 0

3/1 3/2
PORT 3 / 16 IP ADD 10. 200. 34. 0
6509 CORE 2
6509 DISTRIBUTION
3/7 3/6
3/3
3/4
3/5
1.A-BLOCK 2.VLAN NO 740 . 3.MGT IP10.200.1.56 4.HOST NAME: MBM_A.
1.B-BLOCK 2.VLAN NO 741 . 3.MGT IP10.200.1.57 4.HOST NAME: MBM_B.
1.S-BLOCK 2.GND+1ST FL. 3.VLAN NO 742 . 4.MGT IP10.200.1.58 5.HOST NAME SN_S_GND.
1.S-BLOCK 2.2ND FL 3.VLAN NO 743 . 4.MGT IP10.200.1.59 5.HOST NAME SN_S_2ND.
1.N-BLOCK 2.GND+1ST FL . 3.VLAN NO 744 . 4.MGT IP10.200.1.60 5.HOST NAME SN_N_GND.
1.N-BLOCK 2.2ND FL 3.VLAN NO 745 . 4.MGT IP10.200.1.61 5.HOST NAME SN_N_2ND.
1.W-BLOCK 2.VLAN NO 746 . 4.MGT IP10.200.1.62 5.HOST NAME SN_W.
IG & MT HALL IG & MT HALL
PORT 3 / 13 IP ADD 10. 200. 35.0
MGT IP: 10. 200 .1 . 115
PORT 3 / 13
IP ADD 10. 200. 36. 0
VLAN 636
6509 CORE 1
VLAN 635
PORT 3 / 15 IP ADD 10. 200. 35. 0

3/1 3/2 3/3 3/4 3/5 3/6 3/7
PORT 3 / 16 IP ADD 10. 200. 36. 0
6509 CORE 2
6509 DISTRIBUTION
3 / 10 3/8 3/9
1.F-BLOCK 2.GND FL 3.VLAN NO 805 . 4.MGT IP10.200.1.63 5.HOS T NAME IG_F_GND.
1.F-BLOCK 2.2ND FL 3.VLAN NO 806 . 4.MGT IP10.200.1.64 5.HOS T NAME IG_F_2ND.
1.G-BLOCK 2.GND FL 3.VLAN NO 807 . 4.MGT IP10.200.1.65 5.HOS T NAME IG_G_GND.
1.G-BLOCK 2.2ND FL 3.VLAN NO 808 . 4.MGT IP10.200.1.66 5.HOS T NAME IG_G_2ND.
1.H-BLOCK 2.GND FL 3.VLAN NO 809 . 4.MGT IP10.200.1.67. HOS T NAME IG_H_GND.
1.H-BLOCK 2.2ND FL 3.VLAN NO 810 . 4.MGT IP10.200.1.68. HOS T NAME IG_H_2ND.
1.A-BLOCK 2.GND FL 3.VLAN NO 811 . 4.MGT IP10.200.1.69. 10.200.1.70. HOS T NAME MT_A_GND MT_A_GND1.
1.B-BLOCK 2.GND FL 3.VLAN NO 812. 4.MGT IP10.200.1.71. 10.200.1.72 HOS T NAME MT_B_GND .MT_B_GND1
1.C-BLOCK 2.GND FL 3.VLAN NO 813 . 4.MGT IP10.200.1.73. 10.200.1.74. HOS T NAME MT_C_GND MT_C_GND1.
Page 18
15/12/2002
NEHRU HALL NEHRU HALL
PORT 3 / 2 IP ADD 10. 200. 13.0
MGT IP: 10. 200 .1 . 108
PORT 3 / 2
IP ADD 10. 200. 14. 0
VLAN 614
6509 CORE 1
VLAN 613
PORT 3 / 15 IP ADD 10. 200. 13. 0

3/1 3/2 3/3 3/4 3/5 3/6 3/7
PORT 3 / 16 IP ADD 10. 200. 14. 0
6509 CORE 2
6509 DISTRIBUTION
3 / 10 3/8 3/9
1.A-BLOCK 2.GND FL 3.VLAN NO 815 . 4.MGT IP10.200.1.75 5.HOS T NAME NEHRU_A_ GND.
1.B-BLOCK 2.GND FL 3.VLAN NO 816 . 4.MGT IP10.200.1.76 5.HOST NAME NEHRU_B_G ND.
1.B-BLOCK 2.1ST FL 3.VLAN NO 817 . 4.MGT IP10.200.1.77 5.HOST NAME NEHRU_B_ 1ST.
1.B-BLOCK 2.2ND FL 3.VLAN NO 818 . 4.MGT IP10.200.1.78 5.HOST NAME NEHRU_B_ 2ND.
1.C-BLOCK 2.GND FL 3.VLAN NO 819 . 4.MGT IP10.200.1.79. 10.200.1.80. HOST NAME NEHRU_C_G ND NEHRU_C_G ND1.
1.C-BLOCK 2.1ST FL 3.VLAN NO 820 . 4.MGT IP10.200.1.81. HOST NAME NEHRU_C_ 1ST.
1.C-BLOCK 2.2ND FL 3.VLAN NO 821 . 4.MGT IP10.200.1.82. 10.200.1.83. HOS T NAME NEHRU_C_2 ND NEHRU_C_2 ND1.
1.D-BLOCK 2.GND FL 3.VLAN NO 822 . 4.MGT IP10.200.1.84. HOST NAME NEHRU_D_ GND.
1.C-BLOCK 2.2ND FL 3.VLAN NO 824 . 4.MGT IP10.200.1.86. 10.200.1.87. HOST NAME NEHRU_D_1S T NEHRU_D_1S T1.
1.D-BLOCK 2.2ND FL 3.VLAN NO 823 . 4.MGT IP10.200.1.85. HOST NAME NEHRU_D_ 2ND.
PATEL HALL PATEL HALL
PORT 3 / 3 IP ADD 10. 200. 15.0
MGT IP: 10. 200 .1 . 109
PORT 3 / 3
IP ADD 10. 200. 16. 0
VLAN 616
6509 CORE 1
VLAN 615
PORT 3 / 15 IP ADD 10. 200. 15. 0

3/1 3/2 3/3 3/4 3/5 3/6 3/7
PORT 3 / 16 IP ADD 10. 200. 16. 0
6509 CORE 2
6509 DISTRIBUTION
3 / 10 3/8 3/9
1.A-BLOCK 2.GND FL 3.VLAN NO 785 . 4.MGT IP10.200.1.53 5.HOS T NAME PATEL_A_ GND.
1.B-BLOCK 2.GND FL 3.VLAN NO 786 . 4.MGT IP10.200.1.54 5.HOST NAME PATEL_B_G ND.
1.B-BLOCK 2.1ST FL 3.VLAN NO 787 . 4.MGT IP10.200.1.42 5.HOST NAME PATEL_B_1 ST.
1.B-BLOCK 2.2ND FL 3.VLAN NO 788 . 4.MGT IP10.200.1.43 5.HOST NAME PATEL_B_2 ND.
1.C-BLOCK 2.GND FL 3.VLAN NO 789 . 4.MGT IP10.200.1.44. 10.200.1.45. HOST NAME PATEL_C_G ND PATEL_C_G ND1.
1.C-BLOCK 2.1ST FL 3.VLAN NO 790 . 4.MGT IP10.200.1.46. HOST NAME PATEL_C_1 S T.
1.C-BLOCK 2.2ND FL 3.VLAN NO 791 . 4.MGT IP10.200.1.48. 10.200.1.49. HOS T NAME PATEL_C_2N D PATEL_C_2N D1.
1.D-BLOCK 2.GND FL 3.VLAN NO 792 . 4.MGT IP10.200.1.50. HOST NAME PATEL_D_ GND.
1.D-BLOCK 2.1ST FL 3.VLAN NO 793 . 4.MGT IP10.200.1.51. HOST NAME PATEL_D_1ST .
1.D-BLOCK 2.2ND FL 3.VLAN NO 794 . 4.MGT IP10.200.1.52. HOST NAME PATEL_D_2 ND.
Page 19
15/12/2002
14. CONFIGURATION DETAILS OF CENTRAL NETWORK EQUIPMENTS (A) Academic CORE Cisco Catalyst 6509 Switch:
Console> (enable) show config This command shows non-default configurations only. Use 'show config all' to show both default and non-default configurations. .................. .................. .................. .................. ................. .. begin ! # ***** NON-DEFAULT CONFIGURATION ***** ! ! #time: Thu Dec 19 2002, 03:25:14 ! #version 6.1(3) ! ! #system web interface version Engine: 5.3 ADP device: Cat6000 ADP Version: 1.5 A DK: 40 ! set password $2$0GhI$SVVAsoF8Uk5E5KgUsNiVM1 set enablepass $2$bD0w$qTOAn.ueBMmhNvHxpo7B10 ! #errordetection set errordetection portcounter enable ! #! #snmp set snmp community read-write patel set snmp rmon enable set snmp trap enable module set snmp trap enable chassis set snmp trap enable bridge set snmp trap enable repeater set snmp trap enable vtp set snmp trap enable auth set snmp trap enable ippermit set snmp trap disable vmps set snmp trap enable entity set snmp trap enable config set snmp trap enable stpx set snmp trap enable syslog set snmp trap 10.211.1.101 patel
! #vtp set vtp domain FOUNDATION_CORE1 set vlan 1 name default type ethernet mtu 1500 said 100001 state active set vlan 2 name ernet type ethernet mtu 1500 said 100002 state active set vlan 3 name gsst type ethernet mtu 1500 said 100003 state active set vlan 8 name CET type ethernet mtu 1500 said 100008 state active set vlan 13 name chemical type ethernet mtu 1500 said 100013 state active set vlan 24 name civil type ethernet mtu 1500 said 100024 state active set vlan 38 name csestaff type ethernet mtu 1500 said 100038 state active set vlan 39 name csefaculty type ethernet mtu 1500 said 100039 state active set vlan 100 name cic_server type ethernet mtu 1500 said 100100 state active set vlan 500 name cicdist type ethernet mtu 1500 said 100500 state active set vlan 501 name dist_elec type ethernet mtu 1500 said 100501 state active set vlan 502 name library type ethernet mtu 1500 said 100502 state active set vlan 503 name core_csc type ethernet mtu 1500 said 100503 state active set vlan 504 name core_mech type ethernet mtu 1500 said 100504 state active set vlan 507 name Foundation_core type ethernet mtu 1500 said 100507 state activ e set vlan 508 name academic_core type ethernet mtu 1500 said 100508 state active set set set set vlan vlan vlan vlan 509 605 640 641 name name name name Newcic_dist type ethernet mtu 1500 said 100509 state active serverfarm type ethernet mtu 1500 said 100605 state active hall_server type ethernet mtu 1500 said 100640 state active contentengine type ethernet mtu 1500 said 100641 state active
set vlan 645 name Thaicom type ethernet mtu 1500 said 100645 state active set vlan 650 name Firewall type ethernet mtu 1500 said 100650 state active set vlan 721 name d1_2_core type ethernet mtu 1500 said 100721 state active set vlan 722 name d2_2_core type ethernet mtu 1500 said 100722 state active set vlan 761 name RP type ethernet mtu 1500 said 100761 state active set vlan 900 name mech204 type ethernet mtu 1500 said 100900 state active set vlan 901 name mech205 type ethernet mtu 1500 said 100901 state active set vlan 910 name 7500 type ethernet mtu 1500 said 100910 state active set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state activ e stp ieee set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active st p ibm set vlan 800,999 set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state acti ve mode srb aremaxhop 0 stemaxhop 0 backupcrf off ! #ip set interface sc0 1 10.200.1.253/255.255.255.0 10.200.1.255 set ip route 0.0.0.0/0.0.0.0 10.200.1.2 ! #set boot command set boot config-register 0x2 set boot system flash bootflash:cat6000-sup2cvk9.6-1-3.bin !
#qos set qos enable ! # default port status is enable ! ! #module 1 : 2-port 1000BaseX Supervisor set vlan 650 1/1-2 set port trap 1/1-2 enable set trunk 1/1 on isl 1-1005,1025-4094 ! #module 2 : 2-port 1000BaseX Supervisor set port trap 2/1-2 enable ! #module 3 : 16-port 1000BaseX Ethernet set vlan 650 3/16 set port trap 3/1-16 enable set udld enable 3/10-11,3/15-16 clear trunk 3/1 2-507,509-639,642-760,762-1005,1025-4094 set trunk 3/1 on isl 1,508,640-641,761 clear trunk 3/2 2-506,508-639,642-760,762-1005,1025-4094 set trunk 3/2 on isl 1,507,640-641,761 clear trunk 3/3 1025-4094 set trunk 3/3 on isl 1-1005 clear trunk 3/4 1-500,502-1005,1025-4094 set trunk 3/4 on isl 501 clear trunk 3/5 1,3-37,40-497,500-502,504-644,646-1005,1025-4094 set trunk 3/5 on isl 2,38-39,498-499,503,645 clear trunk 3/6 1025-4094 set trunk 3/6 on isl 1-1005 clear trunk 3/7 2-99,101-604,606-639,642-799,801-1005,1025-4094 set trunk 3/7 on isl 1,100,605,640-641,800 clear trunk 3/8 1,3-99,101-503,505-639,641-1005,1025-4094 set trunk 3/8 on isl 2,100,504,640 clear trunk 3/9 1,3-501,503-1005,1025-4094 set trunk 3/9 on isl 2,502 clear trunk 3/10 1025-4094 set trunk 3/10 on isl 1-1005 clear trunk 3/11 1-1005,1025-4094 set trunk 3/11 auto negotiate clear trunk 3/12 1-1005,1025-4094 set trunk 3/12 auto negotiate clear trunk 3/13 1025-4094 set trunk 3/13 on isl 1-1005 clear trunk 3/14 1-1005,1025-4094 set trunk 3/14 auto negotiate clear trunk 3/15 1-1005,1025-4094 set trunk 3/15 auto negotiate clear trunk 3/16 1-909,911-1005,1025-4094 set trunk 3/16 on isl 910 set port qos 3/1-16 policy-source local !
#module 4 : 16-port 1000BaseX Ethernet set vlan 650 4/15-16 set port trap 4/1-16 enable set udld enable 4/14 set port qos 4/15-16 vlan-based ! #module 5 : 0-port Switch Fabric Module ! #module 6 empty ! #module 7 empty ! #module 8 empty ! #module 9 empty ! #module 15 : 1-port Multilayer Switch Feature Card ! #module 16 : 1-port Multilayer Switch Feature Card end Trying Router-15... Connected to Router-15. Escape character is '^]'. NEWCIC_CORE>en Password: NEWCIC_CORE#sh run Building configuration... Current configuration : 3459 bytes ! ! No configuration change since last restart ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname NEWCIC_CORE ! boot system flash bootflash:c6msfc2-psv-mz.121-7a.E1 enable password core1 ! clock calendar-valid ip subnet-zero ip wccp web-cache ! ! no ip finger ! ip multicast-routing
! ! ! interface Vlan13 description chem ip address 10.20.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan100 description CICSERVER_VLAN ip address 10.2.1.2 255.255.0.0 ! interface Vlan498 description interdep1_vlan ip address 10.3.16.2 255.255.255.0 ! interface Vlan499 description interdep2_vlan ip address 10.3.17.2 255.255.255.0 ! interface Vlan500 description connectivity to CIC_dist ip address 10.151.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip directed-broadcast ! interface Vlan501 description electrical distribution ip address 10.150.1.2 255.255.0.0 ! interface Vlan502 description library_distribution ip address 10.152.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip directed-broadcast ! interface Vlan503 description core_csc_vlan ip address 10.153.1.2 255.255.0.0 ! interface Vlan504 description core_mech_vlan ip address 10.154.1.2 255.255.0.0 ip pim dense-mode ! interface Vlan507 description Newciccore_to_Foundationcore ip address 10.200.7.1 255.255.255.0 ip pim dense-mode ! interface Vlan508
description ** ACADEMIC CORE TO FOUNDATION CORE1 ** ip address 10.200.8.1 255.255.255.0 ip pim dense-mode ! interface Vlan509 description ** ACADEMIC CORE TO FOUNDATION CORE2 ** ip address 10.200.9.1 255.255.255.0 ip pim dense-mode ! interface Vlan605 description ** TEST BED CONNECTIVITY ** ip address 10.200.6.1 255.255.255.0 ! interface Vlan641 ip address 10.129.50.2 255.255.255.0 ip route-cache same-interface ! interface Vlan645 description THAICOM ip address 61.11.251.1 255.255.255.0 secondary ip address 202.131.126.1 255.255.255.0 secondary ip address 202.131.127.1 255.255.255.0 secondary ip address 203.192.37.1 255.255.255.0 no ip redirects no ip unreachables ! interface Vlan650 description firewall_vlan ip address 10.250.1.4 255.255.255.0 ip access-group 160 out ip wccp web-cache redirect out ip pim dense-mode ! router ospf 109 log-adjacency-changes network 10.0.0.0 0.255.255.255 area 0 network 61.11.251.0 0.0.0.255 area 251 network 202.131.126.0 0.0.0.255 area 126 network 202.131.127.0 0.0.0.255 area 127 network 203.192.37.0 0.0.0.255 area 37 default-information originate ! ip classless ip route 0.0.0.0 0.0.0.0 10.250.1.2 150 ip route 10.100.11.225 255.255.255.255 10.200.9.2 no ip http server ! access-list 160 permit ip 10.107.15.0 0.0.0.255 any access-list 160 permit ip 10.107.10.0 0.0.0.255 any access-list 160 permit ip 144.16.0.0 0.0.255.255 any access-list 160 permit ip 10.0.0.0 0.63.255.255 any access-list 160 permit ip 10.128.0.0 0.127.255.255 any
access-list 160 permit ip 10.96.0.0 0.31.255.255 any time-range halltime access-list 160 permit ip 61.11.251.0 0.0.0.255 any access-list 160 permit ip 203.192.37.0 0.0.0.255 any access-list 160 permit ip 202.131.126.0 0.0.0.255 any access-list 160 permit ip 202.131.127.0 0.0.0.255 any snmp-server community public RO ! ! line con 0 transport input none line vty 0 4 login ! time-range halltime periodic weekdays 0:00 to 8:00 periodic weekend 0:00 to 23:59 periodic weekdays 17:30 to 23:59 ! end
Page 26
15/12/2002
(B)
Academic DISTRIBUTION Cisco Catalyst 6509 Switch:
Console> (enable) sh config This command shows non-default configurations only. Use 'show config all' to show both default and non-default configurations. ......... .................. .................. .................. .................. .................. .................. begin ! # ***** NON-DEFAULT CONFIGURATION ***** ! ! #time: Thu Dec 19 2002, 04:30:49 ! #version 6.1(1b) ! ! #errordetection set errordetection portcounter enable ! #! #vtp set vtp domain NEWCICDIST set vlan 1 name default type ethernet mtu 1500 said 100001 state active set vlan 2 name ernet type ethernet mtu 1500 said 100002 state active set vlan 3 name gsst_private_ip type ethernet mtu 1500 said 100003 state active set set set set set set set set set set set set set set set set set set set set vlan vlan vlan vlan vlan vlan vlan vlan vlan vlan vlan vlan vlan vlan vlan vlan vlan vlan vlan vlan 4 name math type ethernet mtu 1500 said 100004 state active 5 name CIC_VLAN type ethernet mtu 1500 said 100005 state active 6 name vgsom type ethernet mtu 1500 said 100006 state active 7 name physics type ethernet mtu 1500 said 100007 state active 8 name CET type ethernet mtu 1500 said 100008 state active 9 name chemistry type ethernet mtu 1500 said 100009 state active 10 name IEM type ethernet mtu 1500 said 100010 state active 11 name naval type ethernet mtu 1500 said 100011 state active 12 name aerospace type ethernet mtu 1500 said 100012 state active 13 name chemical type ethernet mtu 1500 said 100013 state active 14 name matsc type ethernet mtu 1500 said 100014 state active 15 name metal type ethernet mtu 1500 said 100015 state active 16 name mining type ethernet mtu 1500 said 100016 state active 17 name crf type ethernet mtu 1500 said 100017 state active 18 name architecture type ethernet mtu 1500 said 100018 state active 19 name step type ethernet mtu 1500 said 100019 state active 20 name GEOLOGY type ethernet mtu 1500 said 100020 state active 21 name RTC type ethernet mtu 1500 said 100021 state active 22 name HUMANITY type ethernet mtu 1500 said 100022 state active 23 name CRYOGENIC type ethernet mtu 1500 said 100023 state active
Page 27 15/12/2002
set vlan 24 name CIVIL type ethernet mtu 1500 said 100024 state active set vlan 25 name Agriculture_PHTC type ethernet mtu 1500 said 100025 state activ e set vlan 26 name infocell type ethernet mtu 1500 said 100026 state active set vlan 30 name PCLAB1 type ethernet mtu 1500 said 100030 state active set vlan 31 name PCLAB2 type ethernet mtu 1500 said 100031 state active set vlan 32 name WORKSTATION type ethernet mtu 1500 said 100032 state active set vlan 33 name TERMINAL type ethernet mtu 1500 said 100033 state active set vlan 34 name STAFF type ethernet mtu 1500 said 100034 state active set vlan 35 name VLSI type ethernet mtu 1500 said 100035 state active set vlan 36 name ADVLSI type ethernet mtu 1500 said 100036 state active set vlan 37 name MEDIALAB type ethernet mtu 1500 said 100037 state active set vlan 38 name CSESTAFF type ethernet mtu 1500 said 100038 state active set vlan 39 name CSEFACULTY type ethernet mtu 1500 said 100039 state active set vlan 40 name smt type ethernet mtu 1500 said 100040 state active set vlan 50 name abcd type ethernet mtu 1500 said 100050 state active set vlan 51 name LAB1_SIT type ethernet mtu 1500 said 100051 state active set vlan 52 name SERVER1s_SIT type ethernet mtu 1500 said 100052 state active set vlan 53 name SERVER1p_SIT type ethernet mtu 1500 said 100053 state active set vlan 54 name LAB2_SIT type ethernet mtu 1500 said 100054 state active set vlan 55 name SERVER2s_SIT type ethernet mtu 1500 said 100055 state active set vlan 56 name SERVER2p_SIT type ethernet mtu 1500 said 100056 state active set vlan 57 name INCUBIT_SIT type ethernet mtu 1500 said 100057 state active set vlan 58 name FACULTY_SIT type ethernet mtu 1500 said 100058 state active set vlan 59 name STAFF_SIT type ethernet mtu 1500 said 100059 state active set vlan 60 name PROJECT_SIT type ethernet mtu 1500 said 100060 state active set vlan 61 name FPGA_SIT type ethernet mtu 1500 said 100061 state active set vlan 100 name CICSERVER type ethernet mtu 1500 said 100100 state active set vlan 498 name interdep1 type ethernet mtu 1500 said 100498 state active set vlan 499 name interdep2 type ethernet mtu 1500 said 100499 state active set vlan 500 name CIC_to_core type ethernet mtu 1500 said 100500 state active set vlan 505 name CORE_NEWCICDIST type ethernet mtu 1500 said 100505 state activ e set vlan 506 name NEWCIC_SERVER2948 type ethernet mtu 1500 said 100506 state act ive set vlan 509 name NEWCICCORE_NEWCICDIST type ethernet mtu 1500 said 100509 state active set vlan 645 name THAICOM type ethernet mtu 1500 said 100645 state active set vlan 650 name firewall type ethernet mtu 1500 said 100650 state active set vlan 761 name RP type ethernet mtu 1500 said 100761 state active set vlan 872 name RCC_VLAN type ethernet mtu 1500 said 100872 state active set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state activ e stp ieee set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active st p ibm set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state acti ve mode srb aremaxhop 0 stemaxhop 0 backupcrf off ! #ip set interface sc0 1 10.200.1.251/255.255.255.0 10.200.1.255
Page 28
15/12/2002
set ip route 0.0.0.0/0.0.0.0 10.200.1.2 ! #set boot command set boot config-register 0x2 set boot system flash bootflash:cat6000-sup.6-1-1b.bin ! # default port status is enable ! ! #module 1 : 2-port 1000BaseX Supervisor set vlan 2 1/1-2 set trunk 1/1 off negotiate 1-1005,1025-4094 set trunk 1/2 off negotiate 1-1005,1025-4094 ! #module 2 : 2-port 1000BaseX Supervisor set vlan 2 2/2 clear trunk 2/1 4-7,9-499,501-1005,1025-4094 set trunk 2/1 on isl 1-3,8,500 set trunk 2/2 off negotiate 1-1005,1025-4094 ! #module 3 : 16-port 1000BaseX Ethernet set vlan 2 3/1,3/10 set vlan 8 3/5 set vlan 9 3/6 set vlan 14 3/11 set vlan 15 3/12 set vlan 16 3/13 set vlan 17 3/14 set vlan 18 3/15 set vlan 19 3/16 set vlan 50 3/2-4,3/7-9 set port name 3/1 OLD_CIC_ACCESS set port name 3/2 PCLAB1_RACK1A_TRUNK set port name 3/3 PCLAB1_RACK2_TRUNK set port name 3/4 PCLAB2_RACK1_TRUNK set port name 3/5 PCLAB2_RACK2_TRUNK set port name 3/6 WKSTLAB_RACK1_TRUNK set port name 3/7 WKSTLAB_RACK2_TRUNK set port name 3/8 CRYOGENIC_TRUNK set port name 3/11 VLSI_GND_TRUNK set port name 3/12 CET_TRUNK set port name 3/13 ACADEMIC_CORE_TRUNK set port name 3/14 AdvVLSI_GND_TRUNK set port name 3/15 RCC_TRUNK set port name 3/16 NETWORK-ROOM_TRUNK clear trunk 3/1 1-1005,1025-4094 set trunk 3/1 auto negotiate clear trunk 3/2 1025-4094 set trunk 3/2 on isl 1-1005 clear trunk 3/3 1025-4094 set trunk 3/3 on isl 1-1005 clear trunk 3/4 1025-4094
set trunk 3/4 on isl 1-1005 clear trunk 3/5 1025-4094 set trunk 3/5 on isl 1-1005 set trunk 3/6 on isl 1-1005,1025-4094 clear trunk 3/7 1025-4094 set trunk 3/7 on isl 1-1005 set trunk 3/8 on isl 1-1005,1025-4094 clear trunk 3/9 2,4-37,40-1005,1025-4094 set trunk 3/9 on isl 1,3,38-39 clear trunk 3/10 1025-4094 set trunk 3/10 off isl 1-1005 clear trunk 3/11 2-34,36-1005,1025-4094 set trunk 3/11 on isl 1,35 clear trunk 3/12 2-7,9-1005,1025-4094 set trunk 3/12 on isl 1,8 set trunk 3/13 on isl 1-1005,1025-4094 set trunk 3/14 on isl 1-1005,1025-4094 set trunk 3/15 on isl 1-1005,1025-4094 set trunk 3/16 on isl 1-1005,1025-4094 ! #module 4 : 16-port 1000BaseX Ethernet set vlan 2 4/6-7,4/9-10,4/12 set vlan 9 4/16 set vlan 14 4/5 set vlan 16 4/8 set vlan 17 4/11 set vlan 18 4/15 set vlan 25 4/1-2,4/4 set vlan 40 4/14 clear trunk 4/1 1025-4094 set trunk 4/1 off isl 1-1005 clear trunk 4/2 1025-4094 set trunk 4/2 off isl 1-1005 clear trunk 4/3 3-22,25-32,34-99,101-644,646-1005,1025-4094 set trunk 4/3 on dot1q 1-2,23-24,33,100,645 clear trunk 4/4 1-11,13-1005,1025-4094 set trunk 4/4 on isl 12 set trunk 4/5 off isl 1-1005,1025-4094 clear trunk 4/6 1,3-9,11-1005,1025-4094 set trunk 4/6 on isl 2,10 clear trunk 4/7 1-5,7-1005,1025-4094 set trunk 4/7 on isl 6 clear trunk 4/8 1-1005,1025-4094 set trunk 4/8 off negotiate clear trunk 4/9 1,3-6,8-1005,1025-4094 set trunk 4/9 on isl 2,7 clear trunk 4/10 1-10,12-1005,1025-4094 set trunk 4/10 on isl 11 clear trunk 4/11 1025-4094 set trunk 4/11 off isl 1-1005 clear trunk 4/12 1,3-25,27-1005,1025-4094 set trunk 4/12 on isl 2,26
clear trunk 4/13 2,4-37,40-1005,1025-4094 set trunk 4/13 on dot1q 1,3,38-39 set trunk 4/14 off isl 1-1005,1025-4094 set trunk 4/15 off isl 1-1005,1025-4094 set trunk 4/16 off isl 1-1005,1025-4094 ! #module 5 : 8-port 1000BaseX Ethernet set port name 5/1 SIT-RACK5_TRUNK set port name 5/2 SIT-RACK3_TRUNK set port name 5/3 SIT-RACK1_TRUNK set port name 5/4 SIT-RACK4_TRUNK set port name 5/5 MEDIALAB-ROOM2_TRUNK set trunk 5/1 on isl 1-1005,1025-4094 set trunk 5/2 on isl 1-1005,1025-4094 set trunk 5/3 on isl 1-1005,1025-4094 set trunk 5/4 on isl 1-1005,1025-4094 set trunk 5/5 on isl 1-1005,1025-4094 ! #module 6 : 8-port 1000BaseX Ethernet set vlan 2 6/3,6/7 set vlan 15 6/6 set vlan 19 6/2 set trunk 6/1 on isl 1-1005,1025-4094 set trunk 6/2 off isl 1-1005,1025-4094 set trunk 6/3 off isl 1-1005,1025-4094 set trunk 6/4 on isl 1-1005,1025-4094 set trunk 6/5 on isl 1-1005,1025-4094 clear trunk 6/6 1-1005,1025-4094 set trunk 6/6 auto negotiate set trunk 6/8 on isl 1-1005,1025-4094 ! #module 15 : 1-port Multilayer Switch Feature Card ! #module 16 : 1-port Multilayer Switch Feature Card end Console> (enable) Console> (enable) session 15 Trying Router-15... Connected to Router-15. Escape character is '^]'. ACADEMIC_DISTRIBUTION>en Password: Password: ACADEMIC_DISTRIBUTION#sh run Building configuration... Current configuration: ! version 12.1 service timestamps debug uptime service timestamps log uptime
no service password-encryption ! hostname ACADEMIC_DISTRIBUTION ! boot system flash bootflash:c6msfc2-isv-mz.121-3a.E4 enable password core1 ! ip subnet-zero ip cef distributed ip name-server 144.16.192.1 ip name-server 144.16.192.55 ! ! ! ! interface Vlan2 description ernet_vlan ip address 203.197.98.200 255.255.255.0 secondary ip address 202.141.127.200 255.255.255.0 secondary ip address 10.100.1.2 255.255.0.0 secondary ip address 144.16.197.150 255.255.240.0 ip helper-address 10.17.32.156 no ip redirects no ip unreachables ip directed-broadcast ip nat outside ! interface Vlan3 description gssst_vlan ip address 10.44.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan4 description math_vlan ip address 10.23.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan5 description cic_vlan ip address 10.1.1.10 255.255.0.0 ip helper-address 10.17.32.156 ! interface Vlan6 description vgsom ip address 10.43.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan7 description physics
ip address 10.33.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan8 description CET ip address 10.35.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan9 description chemistry ip address 10.28.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan10 description IEM ip address 10.29.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan11 description naval ip address 10.24.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan12 description aerospace ip address 10.25.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan14 description matsc ip address 10.39.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan15 description metal ip address 10.31.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan16 description mining ip address 10.32.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside !
interface Vlan17 description crf ip address 10.42.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan18 description architecture ip address 10.27.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan19 description step ip address 10.49.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan20 description GEOLOGY ip address 10.21.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan21 description RTC ip address 10.38.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan22 description HUMANITY ip address 10.30.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan23 description CRYOGENIC ip address 10.36.1.2 255.255.0.0 ip helper-address 10.17.32.156 ! interface Vlan24 description CIVIL ip address 10.19.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan25 description Agriculture_PHTC ip address 10.26.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside
! interface Vlan26 description infocell ip address 10.15.1.2 255.255.0.0 ip helper-address 10.17.32.156 ip nat inside ! interface Vlan30 description PCLAB1 ip address 10.3.18.2 255.255.255.0 ! interface Vlan31 description PCLAB2 ip address 10.3.19.2 255.255.255.0 ! interface Vlan32 description WORKSTATION ip address 10.3.124.2 255.255.255.0 ! interface Vlan33 description TERMINAL ip address 10.3.32.2 255.255.255.0 ! interface Vlan34 description STAFF ip address 10.3.132.2 255.255.255.0 ! interface Vlan35 description VLSI ip address 10.3.36.2 255.255.255.0 ! interface Vlan36 description advanced vlsi ip address 10.55.1.2 255.255.0.0 ip nat inside ! interface Vlan37 description medialab ip address 10.3.140.2 255.255.255.0 ! interface Vlan40 description SCHOOL OF MEDICAL TECHNOLOGY ip address 10.54.1.2 255.255.0.0 ip nat inside ! interface Vlan51 description LAB1_SIT ip address 10.14.1.2 255.255.255.0 ! interface Vlan52 description SERVER1s_SIT ip address 10.14.2.2 255.255.255.0
! interface Vlan53 description SERVER1p_SIT ip address 10.14.3.2 255.255.255.0 ! interface Vlan54 description LAB2_SIT ip address 10.14.4.2 255.255.255.0 ! interface Vlan55 description SERVER2s_SIT ip address 10.14.5.2 255.255.255.0 ! interface Vlan56 description SERVER2p_SIT ip address 10.14.6.2 255.255.255.0 ! interface Vlan57 description INCUBIT_SIT ip address 10.14.7.2 255.255.255.0 ! interface Vlan58 description FACULTY_SIT ip address 10.14.8.2 255.255.255.0 ! interface Vlan59 description STAFF_SIT ip address 10.14.9.2 255.255.255.0 ! interface Vlan60 description PROJECT_SIT ip address 10.14.10.2 255.255.255.0 ! interface Vlan61 description FPGA_SIT ip address 10.14.11.2 255.255.255.0 ! interface Vlan100 no ip address shutdown ! interface Vlan500 ip address 10.151.1.1 255.255.0.0 ip helper-address 10.17.32.156 ip directed-broadcast ip nat inside ! interface Vlan505 description NEWCICDIST_ACADEMICCORE ip address 10.155.1.1 255.255.255.0 ! interface Vlan506
description NEWCICDIST_SERVER2948 ip address 10.155.2.1 255.255.255.0 ! interface Vlan509 description newcicdisribution to newciccore ip address 10.200.9.2 255.255.255.0 ip nat inside ! interface Vlan872 description NewCICDist_To_RCC ip address 10.107.10.2 255.255.255.0 ! router ospf 109 log-adjacency-changes redistribute rip subnets network 10.0.0.0 0.255.255.255 area 0 ! router rip redistribute ospf 109 passive-interface Vlan509 network 10.0.0.0 network 144.16.0.0 network 202.141.127.0 network 203.197.98.0 default-metric 10 ! ip nat inside source static 10.43.1.5 144.16.192.146 ip nat inside source static 10.5.19.45 144.16.192.72 ip nat inside source static 10.55.32.81 144.16.192.112 ip nat inside source static 10.5.18.67 61.11.237.104 ip nat inside source static 10.5.18.66 61.11.237.103 ip nat inside source static 10.5.18.64 61.11.237.101 ip nat inside source static 10.5.18.65 61.11.237.102 ip nat inside source static 10.17.40.1 203.197.98.28 ip nat inside source static 10.15.1.4 144.16.192.110 ip nat inside source static 10.26.32.6 144.16.194.6 ip nat inside source static 10.26.1.4 144.16.192.121 ip nat inside source static 10.19.1.4 144.16.192.73 ip nat inside source static 10.49.32.100 144.16.200.149 ip nat inside source static 10.21.1.4 144.16.192.50 ip nat inside source static 10.25.1.5 144.16.196.219 ip nat inside source static 10.27.1.4 144.16.192.41 ip nat inside source static 10.32.1.4 144.16.192.10 ip nat inside source static 10.39.1.4 144.16.192.105 ip nat inside source static 10.25.1.4 144.16.192.113 ip nat inside source static 10.20.251.4 144.16.192.220 ip nat inside source static 10.20.1.4 144.16.192.89 ip nat inside source static 10.44.1.4 144.16.192.241 ip nat inside source static 10.43.1.4 144.16.192.145 ip nat inside source static 10.35.1.4 144.16.192.221 ip nat inside source static 10.33.1.4 144.16.192.135 ip nat inside source static 10.28.1.4 144.16.192.136
ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip ip
nat inside source static 10.29.1.4 144.16.192.147 nat inside source static 10.9.1.4 144.16.192.25 nat inside source static 10.17.32.1 144.16.195.140 nat inside source static 10.17.32.2 144.16.195.141 nat inside source static 10.17.32.3 144.16.195.142 nat inside source static 10.17.32.4 144.16.195.143 nat inside source static 10.17.32.5 144.16.195.186 nat inside source static 10.17.32.7 144.16.195.156 nat inside source static 10.17.32.8 144.16.195.170 nat inside source static 10.17.32.9 144.16.195.171 nat inside source static 10.24.1.4 144.16.192.97 nat inside source static 10.38.1.4 144.16.195.125 classless route 0.0.0.0 0.0.0.0 10.151.1.2 150 route 61.11.237.101 255.255.255.255 10.5.18.64 route 61.11.237.102 255.255.255.255 10.5.18.65 route 61.11.237.103 255.255.255.255 10.5.18.66 route 61.11.237.104 255.255.255.255 10.5.18.67 route 144.16.192.10 255.255.255.255 10.32.1.4 route 144.16.192.25 255.255.255.255 10.9.1.4 route 144.16.192.41 255.255.255.255 10.27.1.4 route 144.16.192.50 255.255.255.255 10.21.1.4 route 144.16.192.72 255.255.255.255 10.5.19.45 route 144.16.192.73 255.255.255.255 10.19.1.4 route 144.16.192.89 255.255.255.255 10.20.1.4 route 144.16.192.97 255.255.255.255 10.24.1.4 route 144.16.192.105 255.255.255.255 10.39.1.4 route 144.16.192.110 255.255.255.255 10.15.1.4 route 144.16.192.112 255.255.255.255 10.55.32.81 route 144.16.192.113 255.255.255.255 10.25.1.4 route 144.16.192.121 255.255.255.255 10.26.1.4 route 144.16.192.135 255.255.255.255 10.33.1.4 route 144.16.192.136 255.255.255.255 10.28.1.4 route 144.16.192.145 255.255.255.255 10.43.1.4 route 144.16.192.146 255.255.255.255 10.43.1.5 route 144.16.192.147 255.255.255.255 10.29.1.4 route 144.16.192.220 255.255.255.255 10.20.251.4 route 144.16.192.221 255.255.255.255 10.35.1.4 route 144.16.192.241 255.255.255.255 10.44.1.4 route 144.16.194.6 255.255.255.255 10.26.32.6 route 144.16.195.125 255.255.255.255 10.38.1.4 route 144.16.195.140 255.255.255.255 10.17.32.1 route 144.16.195.141 255.255.255.255 10.17.32.2 route 144.16.195.142 255.255.255.255 10.17.32.3 route 144.16.195.143 255.255.255.255 10.17.32.4 route 144.16.195.156 255.255.255.255 10.17.32.7 route 144.16.195.170 255.255.255.255 10.17.32.8 route 144.16.195.171 255.255.255.255 10.17.32.9 route 144.16.195.186 255.255.255.255 10.17.32.5 route 144.16.196.219 255.255.255.255 10.25.1.5 route 144.16.200.149 255.255.255.255 10.49.32.100 route 144.16.204.0 255.255.255.0 10.151.1.2
Page 38 15/12/2002
ip route 144.16.205.0 255.255.255.0 10.151.1.2 ip route 203.197.98.28 255.255.255.255 10.17.40.1 no ip http server ! ! line con 0 transport input none line vty 0 3 login line vty 4 password core1 login ! end
Page 39
15/12/2002
(C) Hostel CORE-1 Cisco Catalyst 6509 Switch:

Console> (enable) sh config This command shows non-default configurations only. Use 'show config all' to show both default and non-default configurations. .................. .................. .................. .................. begin ! # ***** NON-DEFAULT CONFIGURATION ***** ! ! #time: Thu Dec 19 2002, 03:33:41 ! #version 6.1(3) ! ! #system web interface version Engine: 5.3 ADP device: Cat6000 ADP Version: 1.5 A DK: 40 ! set password $2$6N5L$LZX0ZPI5zI1MPfvOBqkhB. set enablepass $2$2G43$TSmhaizDkCW.eVKSrR.kO1 ! #errordetection set errordetection portcounter enable ! #! #vtp set vtp domain IITKGP set vlan 1 name default type ethernet mtu 1500 said 100001 state active set vlan 2 name ernet type ethernet mtu 1500 said 100002 state active set vlan 3 name gsst type ethernet mtu 1500 said 100003 state active set vlan 8 name CET type ethernet mtu 1500 said 100008 state active set vlan 24 name civil type ethernet mtu 1500 said 100024 state active set vlan 100 name CICSERVER type ethernet mtu 1500 said 100100 state active set vlan 498 name interdep1 type ethernet mtu 1500 said 100498 state active set vlan 499 name interdep2 type ethernet mtu 1500 said 100499 state active set vlan 500 name Dist_CIC type ethernet mtu 1500 said 100500 state active set vlan 501 name dist_elec type ethernet mtu 1500 said 100501 state active set vlan 502 name dist_lib type ethernet mtu 1500 said 100502 state active set vlan 503 name core_csc type ethernet mtu 1500 said 100503 state active set vlan 504 name core_mech type ethernet mtu 1500 said 100504 state active set vlan 505 name core_newcicdist type ethernet mtu 1500 said 100505 state activ e set vlan 508 name newcic_core2 type ethernet mtu 1500 said 100508 state active set vlan 605 name serverfarm type ethernet mtu 1500 said 100605 state active set vlan 610 name academic_foundationcore1 type ethernet mtu 1500 said 100610 st ate active set vlan 611 name azad_foundationcore1 type ethernet mtu 1500 said 100611 state
active set vlan active set vlan active set vlan tive set vlan ctive set vlan ctive set vlan tive set vlan tive set vlan tive set vlan ctive set vlan ctive set vlan ctive set vlan set vlan
613 name nehru_foundationcore1 type ethernet mtu 1500 said 100613 state 615 name patel_fundationcore1 type ethernet mtu 1500 said 100615 state 617 name hb_foundationcore1 type ethernet mtu 1500 said 100617 state ac 619 name jcb_foundationcore1 type ethernet mtu 1500 said 100619 state a 621 name llr_foundationcore1 type ethernet mtu 1500 said 100621 state a 623 name vs_foundationcore1 type ethernet mtu 1500 said 100623 state ac 627 name rk_foundationcore1 type ethernet mtu 1500 said 100627 state ac 629 name rp_foundationcore1 type ethernet mtu 1500 said 100629 state ac 631 name bcr_foundationcore1 type ethernet mtu 1500 said 100631 state a 633 name mbm_foundationcore1 type ethernet mtu 1500 said 100633 state a 635 name ig_foundationcore1\ type ethernet mtu 1500 said 100635 state a 640 name hallserver type ethernet mtu 1500 said 100640 state active 641 name content_engine type ethernet mtu 1500 said 100641 state active
set vlan 645 name THAICOM type ethernet mtu 1500 said 100645 state active set vlan 761 name RP type ethernet mtu 1500 said 100761 state active set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state activ e stp ieee set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active st p ibm set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state acti ve mode srb aremaxhop 7 stemaxhop 7 backupcrf off ! #ip set interface sc0 1 10.200.1.250/255.255.255.0 10.200.1.255 set ip route 0.0.0.0/0.0.0.0 10.200.1.2 ! #set boot command set boot config-register 0x2 set boot system flash bootflash:cat6000-sup2cvk9.6-1-3.bin ! #qos set qos enable set qos policed-dscp-map 0,32:0 set qos policed-dscp-map 1:1 set qos policed-dscp-map 2:2 set qos policed-dscp-map 3:3 set qos policed-dscp-map 4:4
set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set set
qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos qos
policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map policed-dscp-map
5:5 6:6 7:7 8:8 9:9 10:10 11:11 12:12 13:13 14:14 15:15 16:16 17:17 18:18 19:19 20:20 21:21 22:22 23:23 24:24 25:25 26:26 27:27 28:28 29:29 30:30 31:31 33:33 34:34 35:35 36:36 37:37 38:38 39:39 40:40 41:41 42:42 43:43 44:44 45:45 46:46 47:47 48:48 49:49 50:50 51:51 52:52 53:53 54:54 55:55 56:56 57:57
Page 42 15/12/2002
set qos policed-dscp-map 58:58 set qos policed-dscp-map 59:59 set qos policed-dscp-map 60:60 set qos policed-dscp-map 61:61 set qos policed-dscp-map 62:62 set qos policed-dscp-map 63:63 set qos policer aggregate qos_tcp rate 480000 policed-dscp erate 480000 drop bur st 32000 set qos policer aggregate qos_udp rate 320000 policed-dscp erate 320000 drop bur st 32000 set qos policer aggregate QPM_3_6 rate 0 policed-dscp erate 0 drop burst 32 ! # default port status is enable ! ! #module 1 : 2-port 1000BaseX Supervisor ! #module 2 : 2-port 1000BaseX Supervisor ! #module 3 : 16-port 1000BaseX Ethernet clear trunk 3/1 1025-4094 set trunk 3/1 on isl 1-1005 clear trunk 3/2 1025-4094 set trunk 3/2 on isl 1-1005 clear trunk 3/3 1025-4094 set trunk 3/3 on isl 1-1005 clear trunk 3/4 1025-4094 set trunk 3/4 on isl 1-1005 clear trunk 3/5 1025-4094 set trunk 3/5 on isl 1-1005 set trunk 3/6 on isl 1-1005,1025-4094 set trunk 3/7 on isl 1-1005,1025-4094 set trunk 3/8 on isl 1-1005,1025-4094 set trunk 3/9 on isl 1-1005,1025-4094 set trunk 3/10 on isl 1-1005,1025-4094 set trunk 3/11 on isl 1-1005,1025-4094 set trunk 3/12 on isl 1-1005,1025-4094 set trunk 3/13 on isl 1-1005,1025-4094 set trunk 3/15 on isl 1-1005,1025-4094 set trunk 3/16 on isl 1-1005,1025-4094 set port qos 3/1-12 vlan-based ! #module 4 empty ! #module 5 : 0-port Switch Fabric Module ! #module 6 : 0-port Switch Fabric Module ! #module 7 empty ! #module 8 empty !
#module 9 empty ! #module 15 : 1-port Multilayer Switch Feature Card ! #module 16 : 1-port Multilayer Switch Feature Card end Console> (enable) Console> (enable) session 15 Trying Router-15... Connected to Router-15. Escape character is '^]'. User Access Verification Password: HOSTEL_CORE1>en Password: HOSTEL_CORE1#sh run Building configuration... Current configuration: ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname HOSTEL_CORE1 ! boot system flash bootflash:c6msfc2-is-mz.121-3a.E4 enable secret 5 $1$xC32$s16mUY/jmUbObKNDXjXgV. enable password line test ! ip subnet-zero ip cef ! ip multicast-routing redundancy high-availability config-sync ! ! ! interface Vlan1 ip address 10.200.2.2 255.255.255.0 secondary alt ip address 10.200.2.210 255.2 55.255.0 secondary ip address 10.200.1.2 255.255.255.0 alt ip address 10.200.1.210 255.255.255.0 no ip redirects no ip unreachables ! interface Vlan505
description Academic Core to New CIC Distribution ip address 10.155.1.2 255.255.255.0 alt ip address 10.155.1.3 255.255.255.0 ! interface Vlan508 description Academic Core to New CIC Core ip address 10.200.8.2 255.255.255.0 alt ip address 10.200.8.3 255.255.255.0 ip pim dense-mode ! interface Vlan610 description academic 3/16 to foundation core1 ip address 10.200.10.2 255.255.255.0 alt ip address 10.200.10.3 255.255.255.0 ip helper-address 10.17.32.156 ip directed-broadcast ip pim dense-mode ! interface Vlan611 description AZAD TO FOUNDATION CORE1 ip address 10.200.11.1 255.255.255.0 alt ip address 10.200.11.3 255.255.255.0 ip pim dense-mode ! interface Vlan613 description NEHRU TO FOUNDATION CORE1 ip address 10.200.13.1 255.255.255.0 alt ip address 10.200.13.3 255.255.255.0 ip pim dense-mode ! interface Vlan615 description PATEL TO FOUNDATION CORE1 ip address 10.200.15.1 255.255.255.0 alt ip address 10.200.15.3 255.255.255.0 ip pim dense-mode ! interface Vlan617 description HB TO FOUNDATION CORE1 ip address 10.200.17.1 255.255.255.0 alt ip address 10.200.17.3 255.255.255.0 ip pim dense-mode ! interface Vlan619 description JCB TO FOUNDATION CORE1 ip address 10.200.19.1 255.255.255.0 alt ip address 10.200.19.3 255.255.255.0 ip pim dense-mode ! interface Vlan621 description LLR TO HOSTEL_CORE1 ip address 10.200.21.1 255.255.255.0 alt ip address 10.200.21.3 255.255.255.0 ip pim dense-mode ! interface Vlan623 description VS TO HOSTEL_CORE1 ip address 10.200.23.1 255.255.255.0 alt ip address 10.200.23.3 255.255.255.0 ip pim dense-mode ! interface Vlan627 description RK TO HOSTEL_CORE1
ip address 10.200.27.1 255.255.255.0 alt ip address 10.200.27.3 255.255.255.0 ip pim dense-mode ! interface Vlan629 description RP TO HOSTEL_CORE1 ip address 10.200.29.1 255.255.255.0 alt ip address 10.200.29.3 255.255.255.0 ip pim dense-mode ! interface Vlan631 description BCR TO HOSTEL_CORE1 ip address 10.200.31.1 255.255.255.0 alt ip address 10.200.31.3 255.255.255.0 ip pim dense-mode ! interface Vlan633 description CORE1 3/12 TO MBM DISTRIBUTION VLAN ip address 10.200.33.1 255.255.255.0 alt ip address 10.200.33.3 255.255.255.0 ip pim dense-mode ! interface Vlan635 description IG TO FOUNDATION CORE1 ip address 10.200.35.1 255.255.255.0 alt ip address 10.200.35.3 255.255.255.0 ip pim dense-mode ! interface Vlan640 description SERVER VLAN ip address 10.129.100.2 255.255.255.0 alt ip address 10.129.100.3 255.255.255.0 ! router ospf 109 log-adjacency-changes network 10.0.0.0 0.255.255.255 area 0 ! ip classless ip route 10.100.11.225 255.255.255.255 10.200.8.1 no ip http server ! ! line con 0 transport input none line vty 0 4 password core1 login ! end
Page 46
15/12/2002
(D) Hostel CORE-2 Cisco Catalyst 6509 Switch:

Console> (enable) sh run Unknown command "show run". Use 'show help' for more info. Console> (enable) sh config This command shows non-default configurations only. Use 'show config all' to show both default and non-default configurations. .................. .................. begin ! # ***** NON-DEFAULT CONFIGURATION ***** ! ! #time: Thu Dec 19 2002, 03:41:47 ! #version 6.1(3) ! ! #system web interface version Engine: 5.3 ADP device: Cat6000 ADP Version: 1.5 A DK: 40 ! set password $2$bJyL$x1Ypmg4x8qkDz5p7o0T6t. set enablepass $2$xEvD$5AcnVDw3l.c87KWIdgnMn/ ! #errordetection set errordetection portcounter enable ! #! #vtp set vtp domain FOUNDATION_CORE2 set vlan 1 name default type ethernet mtu 1500 said 100001 state active set vlan 2 name ernet type ethernet mtu 1500 said 100002 state active set vlan 3 name gssst type ethernet mtu 1500 said 100003 state active set vlan 8 name cet type ethernet mtu 1500 said 100008 state active set vlan 24 name civil type ethernet mtu 1500 said 100024 state active set vlan 100 name cicserver type ethernet mtu 1500 said 100100 state active set vlan 498 name interdep1 type ethernet mtu 1500 said 100498 state active set vlan 499 name interdep2 type ethernet mtu 1500 said 100499 state active set vlan 500 name dist_cic type ethernet mtu 1500 said 100500 state active set vlan 501 name dist_elec type ethernet mtu 1500 said 100501 state active set vlan 502 name library type ethernet mtu 1500 said 100502 state active set vlan 503 name core_csc type ethernet mtu 1500 said 100503 state active set vlan 504 name core_mech type ethernet mtu 1500 said 100504 state active set vlan 507 name newcic_core type ethernet mtu 1500 said 100507 state active set vlan 605 name serverfarm type ethernet mtu 1500 said 100605 state active set vlan 610 name ACADEMIC_FOUNDATIONCORE1 type ethernet mtu 1500 said 100610 st ate active set vlan 611 name AZAD_FOUNDATIONCORE1 type ethernet mtu 1500 said 100611 state
active set vlan active set vlan active set vlan active set vlan active set vlan active set vlan tive set vlan ctive set vlan ctive set vlan ctive set vlan ctive set vlan tive set vlan tive set vlan e active set vlan tive set vlan tive set vlan tive set vlan tive set vlan tive set vlan ctive set vlan ctive set vlan set vlan ctive set vlan tive set vlan tive set vlan set vlan
612 name AZAD_FOUNDATIONCORE2 type ethernet mtu 1500 said 100612 state 613 name NEHRU_FOUNDATIONCORE1 type ethernet mtu 1500 said 100613 state 614 name NEHRU_FOUNDATIONCORE2 type ethernet mtu 1500 said 100614 state 615 name PATEL_FOUNDATIONCORE1 type ethernet mtu 1500 said 100615 state 616 name PATEL_FOUNDATIONCORE2 type ethernet mtu 1500 said 100616 state 617 name HB_FOUNDATIONCORE1 type ethernet mtu 1500 said 100617 state ac 619 name JCB_FOUNDATIONCORE1 type ethernet mtu 1500 said 100619 state a 620 name JCB_FOUNDATIONCORE2 type ethernet mtu 1500 said 100620 state a 621 name LLR_FOUNDATIONCORE1 type ethernet mtu 1500 said 100621 state a 622 name LLR_FOUNDATIONCORE2 type ethernet mtu 1500 said 100622 state a 623 name VS_FOUNDATIONCORE1 type ethernet mtu 1500 said 100623 state ac 624 name VS_FOUNDATIONCORE2 type ethernet mtu 1500 said 100624 state ac 625 name GOKHEL_FOUNDATIONCORE1 type ethernet mtu 1500 said 100625 stat 626 name HB_FOUNDATIONCORE2 type ethernet mtu 1500 said 100626 state ac 627 name RK_FOUNDATIONCORE1 type ethernet mtu 1500 said 100627 state ac 628 name RK_FOUNDATIONCORE2 type ethernet mtu 1500 said 100628 state ac 629 name RP_FOUNDATIONCORE1 type ethernet mtu 1500 said 100629 state ac 630 name RP_FOUNDATIONCORE2 type ethernet mtu 1500 said 100630 state ac 631 name BCR_FOUNDATIONCORE1 type ethernet mtu 1500 said 100631 state a 632 name BCR_FOUNDATIONCORE2 type ethernet mtu 1500 said 100632 state a 633 name CORE1_MBM type ethernet mtu 1500 said 100633 state active 634 name MBM_FOUNDATIONCORE2 type ethernet mtu 1500 said 100634 state a 635 name IG_FOUNDATIONCORE1 type ethernet mtu 1500 said 100635 state ac 636 name IG_FOUNDATIONCORE2 type ethernet mtu 1500 said 100636 state ac 640 name server type ethernet mtu 1500 said 100640 state active 641 name content_engine type ethernet mtu 1500 said 100641 state active
set vlan 645 name THAICOM type ethernet mtu 1500 said 100645 state active
set vlan 650 name firewall type ethernet mtu 1500 said 100650 state active set vlan 900 name TEST type ethernet mtu 1500 said 100900 state active set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state activ e stp ieee set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active st p ibm set vlan 760-761,776,847,871 set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state acti ve mode srb aremaxhop 0 stemaxhop 0 backupcrf off ! #ip set interface sc0 1 10.200.1.254/255.255.255.0 10.200.1.255 set ip route 0.0.0.0/0.0.0.0 10.200.1.2 ! #dns set ip dns server 10.128.2.2 primary set ip dns enable set ip dns domain net.iitkgp.ernet.in ! #set boot command set boot config-register 0x102 set boot system flash bootflash:cat6000-sup2cvk9.6-1-3.bin ! #mls set mls statistics protocol 0 set mls nde flow include source 10.200.1.254/255.255.255.255 destination 10.200. 1.200/255.255.255.255 ! #qos set qos enable set qos policer aggregate qos_tcp1 rate 480000 policed-dscp erate 480000 drop bu rst 32000 set qos policer aggregate qos_udp1 rate 320000 policed-dscp erate 320000 drop bu rst 32000 clear qos acl all #qos_vlan1 set qos acl ip qos_vlan1 dscp 0 aggregate qos_tcp1 tcp any any set qos acl ip qos_vlan1 dscp 0 aggregate qos_udp1 udp any any # commit qos acl all # set qos acl map qos_vlan1 612,614,616,620,622,624,626,628,630,632,634,636 ! #port channel set port channel 2/1-2 781 ! # default port status is enable ! ! #module 1 : 2-port 1000BaseX Supervisor
set vlan 650 1/1 set udld enable 1/1-2 set trunk 1/2 on isl 1-1005,1025-4094 set port qos 1/2 vlan-based ! #module 2 : 2-port 1000BaseX Supervisor set trunk 2/1 on isl 1-1005,1025-4094 set trunk 2/2 on isl 1-1005,1025-4094 set port channel 2/1-2 mode on #module 3 empty ! #module 4 : 16-port 1000BaseX Ethernet set udld enable 4/6,4/8,4/10,4/12,4/15-16 set trunk 4/1 on isl 1-1005,1025-4094 set trunk 4/2 on isl 1-1005,1025-4094 set trunk 4/3 on isl 1-1005,1025-4094 set trunk 4/4 on isl 1-1005,1025-4094 set trunk 4/5 on isl 1-1005,1025-4094 set trunk 4/6 on isl 1-1005,1025-4094 set trunk 4/7 on isl 1-1005,1025-4094 set trunk 4/8 on isl 1-1005,1025-4094 ! #module 5 : 0-port Switch Fabric Module ! #module 6 : 0-port Switch Fabric Module ! #module 7 empty ! #module 8 empty ! #module 9 empty ! #module 15 : 1-port Multilayer Switch Feature Card ! #module 16 : 1-port Multilayer Switch Feature Card end Console> (enable) Console> (enable) session 15 Trying Router-15... Connected to Router-15. Escape character is '^]'. HOSTEL_CORE2>en HOSTEL_CORE2#sh run Building configuration... Current configuration: ! ! No configuration change since last restart ! version 12.1 service timestamps debug uptime
service timestamps log uptime no service password-encryption ! hostname HOSTEL_CORE2 boot system flash bootflash:c6msfc2-is-mz.121-3a.E4 ! clock calendar-valid ip subnet-zero ip cef ! ip multicast-routing redundancy high-availability config-sync ! interface Vlan507 description Foundation Core1 to New CIC Core ip address 10.200.7.2 255.255.255.0 alt ip address 10.200.7.3 255.255.255.0 ip pim dense-mode ! interface Vlan612 description AZAD TO FOUNDATION CORE2 ip address 10.200.12.1 255.255.255.0 alt ip address 10.200.12.3 255.255.255.0 ! interface Vlan614 description NEHRU TO FOUNDATION CORE2 ip address 10.200.14.1 255.255.255.0 alt ip address 10.200.14.3 255.255.255.0 ! interface Vlan616 description PATEL TO FOUNDATION CORE2 ip address 10.200.16.1 255.255.255.0 alt ip address 10.200.16.3 255.255.255.0 ! interface Vlan620 description JCB TO FOUNDATION CORE2 ip address 10.200.20.1 255.255.255.0 alt ip address 10.200.20.3 255.255.255.0 ip pim dense-mode ! interface Vlan622 description LLR TO FOUNDATION CORE2 ip address 10.200.22.1 255.255.255.0 alt ip address 10.200.22.3 255.255.255.0 ! interface Vlan624 description VS TO FOUNDATION CORE2 ip address 10.200.24.1 255.255.255.0 alt ip address 10.200.24.3 255.255.255.0 ! interface Vlan626 description HB TO FOUNDATION CORE2 ip address 10.200.26.1 255.255.255.0 alt ip address 10.200.26.3 255.255.255.0 ! interface Vlan628 description RK TO FOUNDATIONCORE2 ip address 10.200.28.1 255.255.255.0 alt ip address 10.200.28.3 255.255.255.0
! interface Vlan630 description RP TO FOUNDATION CORE2 ip address 10.200.30.1 255.255.255.0 alt ip address 10.200.30.3 255.255.255.0 ! interface Vlan632 description BCR TO FOUNDATION CORE2 ip address 10.200.32.1 255.255.255.0 alt ip address 10.200.32.3 255.255.255.0 ! interface Vlan634 description MBM TO FOUNDATION CORE2 ip address 10.200.34.1 255.255.255.0 alt ip address 10.200.34.3 255.255.255.0 ! interface Vlan636 description IG TO FOUNDATION CORE2 ip address 10.200.36.1 255.255.255.0 alt ip address 10.200.36.3 255.255.255.0 ! interface Vlan900 ip address 10.51.1.2 255.255.255.0 alt ip address 10.51.1.3 255.255.255.0 ! router ospf 109 log-adjacency-changes network 10.0.0.0 0.255.255.255 area 0 ! ip classless no ip http server ! access-list 10 permit 10.51.1.100 access-list 10 permit 10.51.1.101 access-list 160 permit ip 10.107.15.0 0.0.0.255 any access-list 160 permit ip 10.107.10.0 0.0.0.255 any access-list 160 permit ip 144.16.0.0 0.0.255.255 any access-list 160 permit ip 10.0.0.0 0.63.255.255 any access-list 160 permit ip 10.128.0.0 0.127.255.255 any access-list 160 permit ip 10.96.0.0 0.31.255.255 any time-range halltime access-list 160 permit ip 61.11.251.0 0.0.0.255 any access-list 160 permit ip 203.192.37.0 0.0.0.255 any ! line con 0 transport input none line vty 0 4 login ! time-range halltime periodic weekdays 17:00 to 23:59 periodic weekdays 0:00 to 8:00 periodic weekend 0:00 to 23:59 ! end
Page 52
15/12/2002
(E) THAICOM Gateway Router Cisco 7507:

Router#sh run Building configuration... Current configuration : 5445 bytes ! ! No configuration change since last restart ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption no service single-slot-reload-enable ! hostname Router ! enable secret 5 $1$r1XD$UyWDrgbaCS7/iYGMXobyu0 ! clock calendar-valid ip subnet-zero ip wccp web-cache ! ip cef distributed ! class-map match-all Upstream_control match access-group 108 class-map match-all Downstream_control match access-group 107 class-map match-all hostel_weekend match access-group 105 class-map match-all academic_weekend match access-group 106 class-map match-all academic_daytime match access-group 102 class-map match-all academic_nighttime match access-group 104 class-map match-all hostel_daytime match access-group 101 class-map match-all hostel_nighttime match access-group 103 ! ! policy-map bw_control class academic_nighttime police 496000 124000 124000 conform-action transmit exceed-action drop class academic_weekend police 496000 124000 124000 conform-action transmit exceed-action drop class hostel_daytime police 496000 124000 124000 conform-action transmit exceed-action drop class hostel_nighttime
police 3496000 874000 874000 conform-action transmit exceed-action drop class hostel_weekend police 3496000 874000 874000 conform-action transmit exceed-action drop class academic_daytime police 3496000 874000 874000 conform-action transmit exceed-action drop policy-map academic_daytime policy-map CET_BW_Downstream class Downstream_control police 128000 4000 4000 conform-action transmit exceed-action drop policy-map CET_BW_Upstream class Upstream_control police 128000 4000 4000 conform-action transmit exceed-action drop ! call rsvp-sync ! ! ! ! ! ! ! ! interface FastEthernet1/0/0 description CONNECTION TO DVB RECEIVER ip address 61.11.237.254 255.255.255.252 ip route-cache flow half-duplex ! interface Serial1/1/0 ip address 203.192.34.226 255.255.255.252 ip wccp web-cache redirect out no keepalive no fair-queue ignore-dcd serial restart-delay 0 ! interface Serial1/1/1 no ip address shutdown serial restart-delay 0 ! interface Serial1/1/2 no ip address shutdown serial restart-delay 0 ! interface Serial1/1/3 no ip address shutdown serial restart-delay 0 ! interface FastEthernet4/0/0
ip address 61.11.237.1 255.255.255.128 ip route-cache same-interface half-duplex ! interface Hssi4/1/0 no ip address shutdown serial restart-delay 0 ! interface Hssi4/1/1 no ip address shutdown serial restart-delay 0 ! ip classless ip route 0.0.0.0 0.0.0.0 Serial1/1/0 ip route 10.0.0.0 255.0.0.0 61.11.237.3 ip route 61.11.251.0 255.255.255.0 61.11.237.3 ip route 202.131.126.0 255.255.255.0 61.11.237.3 ip route 202.131.127.0 255.255.255.0 61.11.237.3 ip route 203.192.37.0 255.255.255.0 61.11.237.3 no ip http server ip pim bidir-enable ! access-list 10 permit 10.51.1.100 access-list 10 permit 10.51.1.101 access-list 101 permit ip any 10.96.0.0 0.31.255.255 time-range daytime access-list 102 permit ip any 10.0.0.0 0.63.255.255 time-range daytime access-list 102 permit ip any 144.16.0.0 0.0.255.255 time-range daytime access-list 102 permit ip any 192.0.0.0 0.255.255.255 time-range daytime access-list 102 permit ip any 10.128.0.0 0.127.255.255 time-range daytime access-list 103 permit ip any 10.96.0.0 0.31.255.255 time-range nighttime access-list 104 permit ip any 10.0.0.0 0.63.255.255 time-range nighttime access-list 104 permit ip any 10.128.0.0 0.127.255.255 time-range nighttime access-list 104 permit ip any 144.16.0.0 0.0.255.255 time-range nighttime access-list 104 permit ip any 192.0.0.0 0.255.255.255 time-range nighttime access-list 105 permit ip any 10.96.0.0 0.31.255.255 time-range weekend access-list 106 permit ip any 10.0.0.0 0.63.255.255 time-range weekend access-list 106 permit ip any 144.16.0.0 0.0.255.255 time-range weekend access-list 106 permit ip any 192.0.0.0 0.255.255.255 time-range weekend access-list 106 permit ip any 10.128.0.0 0.127.255.255 time-range weekend access-list 107 permit ip any host 61.11.237.110 access-list 108 permit ip host 61.11.237.110 any access-list 120 permit ip any host 61.11.237.12 access-list 121 permit ip any host 61.11.237.13 access-list 170 permit ip 10.107.15.0 0.0.0.255 any access-list 170 permit ip 10.107.10.0 0.0.0.255 any access-list 170 permit ip 144.16.0.0 0.0.255.255 any access-list 170 permit ip 10.0.0.0 0.63.255.255 any access-list 170 permit ip 10.128.0.0 0.127.255.255 any access-list 170 permit ip 10.96.0.0 0.31.255.255 any time-range halltime access-list 170 permit ip 61.11.251.0 0.0.0.255 any
access-list 170 permit ip 203.192.37.0 0.0.0.255 any access-list 170 permit ip 192.168.1.0 0.0.0.255 any access-list 170 permit ip 61.11.237.0 0.0.0.255 any access-list 170 permit ip 202.131.36.0 0.0.0.255 any access-list 170 permit ip 202.131.126.0 0.0.0.255 any access-list 170 permit ip 202.131.127.0 0.0.0.255 any snmp-server engineID local 000000090200000652D67020 snmp-server community public RO ! ! ! line con 0 line aux 0 line vty 0 3 password dalmia12 login line vty 4 login ! time-range daytime periodic weekdays 8:00 to 17:00 ! time-range halltime periodic weekdays 17:00 to 23:59 periodic weekdays 0:00 to 8:00 periodic weekend 0:00 to 23:59 ! time-range nighttime periodic weekdays 17:00 to 23:59 periodic weekdays 0:00 to 7:59 ! time-range weekend periodic weekend 0:00 to 23:59 ! end
Page 56
15/12/2002
(F) Cisco PIX Firewall with Failover:

pixfirewall# write terminal Building configuration... : Saved : PIX Version 6.2(2) nameif ethernet0 outside security0 nameif ethernet1 intf2 security10 nameif gb-ethernet0 inside security100 nameif ethernet2 intf3 security15 nameif ethernet3 intf4 security20 nameif ethernet4 intf5 security25 nameif ethernet5 intf6 security30 enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname pixfirewall fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol ils 389 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 fixup protocol skinny 2000 no names access-list acl_out permit icmp any any access-list acl_out permit ip any host 61.11.237.101 access-list acl_out permit ip any host 61.11.237.102 access-list acl_out permit ip any host 61.11.237.103 access-list acl_out permit ip any host 61.11.237.104 access-list acl_out permit ip any host 61.11.237.18 access-list acl_out permit ip any host 61.11.237.20 access-list acl_out permit ip any host 61.11.237.110 access-list acl_out permit ip any host 61.11.237.105 access-list acl_out permit ip any host 61.11.237.106 access-list acl_in permit icmp any any access-list acl_in permit ip host 10.129.100.190 any access-list acl_in permit ip host 10.5.18.64 any access-list acl_in permit ip host 10.5.18.65 any access-list acl_in permit ip host 10.5.18.66 any access-list acl_in permit ip host 10.5.18.67 any access-list acl_in permit ip host 10.107.10.101 any access-list acl_in deny tcp any host 64.71.146.185 eq www access-list acl_in permit ip any host 61.11.237.1 access-list acl_in permit ip host 10.128.2.2 any access-list acl_in permit ip host 144.16.204.5 any access-list acl_in permit ip host 144.16.192.55 any access-list acl_in permit ip any host 61.11.237.4
access-list acl_in permit ip host 10.200.1.200 any access-list acl_in permit tcp any any eq www access-list acl_in permit tcp any any eq https access-list acl_in permit ip host 10.3.140.14 any access-list acl_in permit ip host 61.11.251.101 any access-list acl_in permit ip host 61.11.251.102 any access-list acl_in permit ip host 144.16.204.2 any access-list acl_in permit tcp any any eq 210 access-list acl_in permit ip host 10.24.32.22 any pager lines 24 logging host inside 10.250.1.100 interface ethernet0 10baset interface ethernet1 10baset interface gb-ethernet0 1000sxfull interface ethernet2 10baset interface ethernet3 10baset interface ethernet4 10baset interface ethernet5 10baset mtu outside 1500 mtu intf2 1500 mtu inside 1500 mtu intf3 1500 mtu intf4 1500 mtu intf5 1500 mtu intf6 1500 ip address outside 61.11.237.3 255.255.255.128 ip address intf2 172.16.2.1 255.255.255.0 ip address inside 10.250.1.2 255.255.255.0 ip address intf3 172.16.3.1 255.255.255.0 ip address intf4 172.16.4.1 255.255.255.0 ip address intf5 172.16.5.1 255.255.255.0 ip address intf6 172.16.6.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm failover failover timeout 0:00:00 failover poll 15 failover ip address outside 61.11.237.2 failover ip address intf2 172.16.2.2 failover ip address inside 10.250.1.3 failover ip address intf3 172.16.3.2 failover ip address intf4 172.16.4.2 failover ip address intf5 172.16.5.2 failover ip address intf6 172.16.6.2 pdm history enable arp timeout 14400 global (outside) 1 61.11.237.14 global (outside) 2 61.11.237.15 global (outside) 3 61.11.237.13 global (outside) 4 61.11.237.16 nat (inside) 0 61.11.251.0 255.255.255.0 0 0 nat (inside) 0 202.131.126.0 255.255.255.0 0 0
nat (inside) 0 202.131.127.0 255.255.255.0 0 0 nat (inside) 0 203.192.37.0 255.255.255.0 0 0 nat (inside) 2 144.16.192.0 255.255.240.0 0 0 nat (inside) 1 10.96.0.0 255.224.0.0 0 0 nat (inside) 3 10.0.0.0 255.192.0.0 0 0 nat (inside) 4 10.128.0.0 255.128.0.0 0 0 static (inside,outside) 61.11.237.18 10.128.2.2 netmask 255.255.255.255 0 0 static (inside,outside) 61.11.237.20 144.16.204.5 netmask 255.255.255.255 0 0 static (inside,outside) 61.11.237.101 10.5.18.64 netmask 255.255.255.255 0 0 static (inside,outside) 61.11.237.102 10.5.18.65 netmask 255.255.255.255 0 0 static (inside,outside) 61.11.237.103 10.5.18.66 netmask 255.255.255.255 0 0 static (inside,outside) 61.11.237.104 10.5.18.67 netmask 255.255.255.255 0 0 static (inside,outside) 61.11.237.110 10.35.32.91 netmask 255.255.255.255 0 0 static (inside,outside) 61.11.237.105 10.3.140.14 netmask 255.255.255.255 0 0 static (inside,outside) 61.11.237.106 10.200.1.253 netmask 255.255.255.255 0 0 access-group acl_out in interface outside access-group acl_in in interface inside route outside 0.0.0.0 0.0.0.0 61.11.237.1 1 route inside 10.0.0.0 255.0.0.0 10.250.1.4 1 route inside 61.11.251.0 255.255.255.0 10.250.1.4 1 route inside 144.16.192.0 255.255.240.0 10.250.1.4 1 route inside 202.131.126.0 255.255.255.0 10.250.1.4 1 route inside 202.131.127.0 255.255.255.0 10.250.1.4 1 route inside 203.192.37.0 255.255.255.0 10.250.1.4 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si p 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute uauth 0:04:00 inactivity aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius aaa-server LOCAL protocol local no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps no floodguard enable no sysopt route dnat telnet 10.250.1.100 255.255.255.255 inside telnet timeout 5 ssh timeout 5 terminal width 80 Cryptochecksum:9be391a075cae827d7c1da9b5e040b6b : end [OK]
Page 59
15/12/2002
(G) Cisco Catalyst 5509 VSNL Router:

sh run Building configuration... Current configuration: ! version 11.2 no service password-encryption no service udp-small-servers no service tcp-small-servers ! hostname vmerry ! enable secret 5 $1$85RL$Q3n/PXK68HlDyMMA9iFV0/ enable password catalyst ! ip name-server 203.197.98.5 ip name-server 202.54.9.1 ip name-server 202.54.8.1 ip name-server 202.141.127.2 ! interface Serial0/0 ip address 202.54.55.165 255.255.255.252 ip access-group 117 in ip access-group 115 out no ip directed-broadcast no ip proxy-arp ip accounting output-packets no logging event subif-link-status bandwidth 2000 tx-queue-limit 32767 fair-queue 1000 256 0 transmit-buffers backing-store hold-queue 1000 in hold-queue 1000 out ! interface Serial0/1 ip address 202.54.55.165 255.255.255.252 ip access-group 115 out ip accounting output-packets no logging event subif-link-status bandwidth 2048 shutdown no fair-queue ! interface Serial0/2 no ip address no logging event subif-link-status shutdown ! interface Serial0/3 no ip address
no logging event subif-link-status shutdown ! interface Vlan1 ip address 202.141.127.100 255.255.255.0 secondary ip address 203.197.98.1 255.255.255.0 secondary ip address 144.16.192.3 255.255.224.0 ip access-group 117 out no ip directed-broadcast no logging event subif-link-status bandwidth 1000000 hold-queue 1000 in hold-queue 1000 out ! interface Vlan2 no ip address no logging event subif-link-status shutdown ! router igrp 1 redistribute static network 202.141.127.0 network 203.197.98.0 ! no ip classless ip default-network 0.0.0.0 ip route 0.0.0.0 0.0.0.0 202.54.55.166 ip route 10.0.0.0 255.0.0.0 Vlan1 ip route 144.16.0.0 255.255.0.0 202.54.55.166 ip route 144.16.193.0 255.255.255.0 Vlan1 ip route 144.16.194.0 255.255.255.0 Vlan1 ip route 144.16.195.0 255.255.255.0 Vlan1 ip route 144.16.196.0 255.255.255.0 Vlan1 ip route 144.16.197.0 255.255.255.0 Vlan1 ip route 144.16.198.0 255.255.255.0 Vlan1 ip route 144.16.199.0 255.255.255.0 Vlan1 ip route 144.16.200.0 255.255.255.0 Vlan1 ip route 144.16.201.0 255.255.255.0 Vlan1 ip route 144.16.202.0 255.255.255.0 Vlan1 ip route 144.16.203.0 255.255.255.0 Vlan1 ip route 144.16.204.0 255.255.255.0 Vlan1 ip route 144.16.205.0 255.255.255.0 Vlan1 ip route 144.16.206.0 255.255.255.0 Vlan1 ip route 144.16.207.0 255.255.255.0 Vlan1 ip route 202.141.127.0 255.255.255.0 Vlan1 ip route 203.197.98.0 255.255.255.0 Vlan1 access-list 115 permit ip host 203.197.98.2 any access-list 115 permit ip host 203.197.98.3 any access-list 115 permit ip host 203.197.98.4 any access-list 115 permit ip host 203.197.98.5 any access-list 115 permit ip host 203.197.98.1 any access-list 115 permit ip host 203.197.98.9 any
access-list 115 permit ip host 203.197.98.10 any access-list 115 permit ip host 203.197.98.11 any access-list 115 permit ip host 203.197.98.20 any access-list 115 permit ip host 203.197.98.21 any access-list 115 permit ip host 203.197.98.22 any access-list 115 permit ip host 203.197.98.23 any access-list 115 permit ip host 203.197.98.24 any access-list 115 permit ip host 203.197.98.25 any access-list 115 permit ip host 203.197.98.26 any access-list 115 permit ip host 203.197.98.27 any access-list 115 permit ip host 203.197.98.28 any access-list 115 permit ip host 203.197.98.201 any access-list 115 permit ip host 203.197.98.131 any access-list 115 permit ip host 202.141.127.2 any access-list 115 permit ip host 202.141.127.3 any access-list 115 permit ip host 202.141.127.4 any access-list 115 permit ip host 202.141.127.8 any access-list 115 permit ip host 202.141.127.11 any access-list 115 permit ip host 202.141.127.12 any access-list 115 permit ip host 202.141.127.131 any access-list 115 permit ip host 202.141.127.133 any access-list 115 permit ip host 144.16.192.1 any access-list 115 deny ip 202.141.127.0 0.0.0.255 any access-list 115 deny ip 203.197.98.0 0.0.0.255 any snmp-server community public RO ! line con 0 line aux 0 line vty 0 4 password cmc login ! end vmerry#logout
Page 62
15/12/2002
(H) Cisco CACHE ENGINE CE-590:

Cisco Content Engine CE-590 login: admin Password: Last login: Mon Dec 23 15:40:00 from 61.11.237.15 System Initialization Finished. CE-590#sh run hostname CE-590 ! ! ! ! ! ! ! primary-interface FastEthernet 0/0 ! interface FastEthernet 0/0 ip address 61.11.237.4 255.255.255.128 exit interface FastEthernet 0/1 shutdown exit ! ! ip default-gateway 61.11.237.1 ! ! ! ! ip name-server 203.192.33.5 ! ! ! ! ! ! ! ! ! wccp router-list 1 61.11.237.1 wccp web-cache router-list-num 1 wccp version 2 ! ! rule enable rule block url-regex .*\cmd.exe
rule block url-regex .*/root.exe rule block url-regex .*/readme\.eml rule block url-regex .*/default\.ida rule block url-regex ^http://.*/cmd\.exe rule block url-regex ^http://.*/root\.exe rule block url-regex ^http://.*/default\.ida ! ! transaction-logs enable ! ! username admin password 1 bVmDmMMmZAPjY username admin privilege 15 ! snmp-server community public ! ! ! authentication login local enable primary authentication configuration local enable primary ! ! ! ! ! ! ! CE-590#
Page 64
15/12/2002
15. Computer Sc. Cisco 2948 GL3 Distribution Switch Configuration

CSE#show run Building configuration... Current configuration: ! version 12.0 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname CSE ! enable secret 5 $1$YqdA$k1bFzARKI.qyeUhh2QOfe. ! ip subnet-zero bridge irb ! ! ! interface FastEthernet1 description THAICOM no ip address no ip directed-broadcast bridge-group 10 ! interface FastEthernet2 description THAICOM no ip address no ip directed-broadcast bridge-group 10 ! interface FastEthernet3 description Valid_IP no ip address no ip directed-broadcast bridge-group 8 ! interface FastEthernet4 description Valid_IP no ip address no ip directed-broadcast bridge-group 8 ! interface FastEthernet5 description Student_net no ip address no ip directed-broadcast bridge-group 1 !
interface FastEthernet6 description Student_net no ip address no ip directed-broadcast bridge-group 1 ! interface FastEthernet7 description Student_net no ip address no ip directed-broadcast bridge-group 1 ! interface FastEthernet8 description Student_net no ip address no ip directed-broadcast bridge-group 1 ! interface FastEthernet9 description Student_net no ip address no ip directed-broadcast bridge-group 1 ! interface FastEthernet10 description Student_net no ip address no ip directed-broadcast bridge-group 1 ! interface FastEthernet11 description Student_net no ip address no ip directed-broadcast bridge-group 1 ! interface FastEthernet12 description Student_net no ip address no ip directed-broadcast bridge-group 1 ! interface FastEthernet13 description Student_net no ip address no ip directed-broadcast bridge-group 1 ! interface FastEthernet14 description Student_net no ip address no ip directed-broadcast
bridge-group 1 ! interface FastEthernet15 description staff_net no ip address no ip directed-broadcast bridge-group 2 ! interface FastEthernet16 description staff_net no ip address no ip directed-broadcast bridge-group 2 ! interface FastEthernet17 description staff_net no ip address no ip directed-broadcast bridge-group 2 ! interface FastEthernet18 description staff_net no ip address no ip directed-broadcast bridge-group 2 ! interface FastEthernet19 description staff_net no ip address no ip directed-broadcast bridge-group 2 ! interface FastEthernet20 description staff_net no ip address no ip directed-broadcast bridge-group 2 ! interface FastEthernet21 description staff_net no ip address no ip directed-broadcast bridge-group 2 ! interface FastEthernet22 description staff_net no ip address no ip directed-broadcast bridge-group 2 ! interface FastEthernet23 description staff_net
no ip address no ip directed-broadcast bridge-group 2 ! interface FastEthernet24 description staff_net no ip address no ip directed-broadcast bridge-group 2 ! interface FastEthernet25 description server_net no ip address no ip directed-broadcast bridge-group 3 ! interface FastEthernet26 description server_net no ip address no ip directed-broadcast bridge-group 3 ! interface FastEthernet27 description server_net no ip address ! interface FastEthernet28 description server_net no ip address no ip directed-broadcast bridge-group 3 ! interface FastEthernet29 description server_net no ip address no ip directed-broadcast bridge-group 3 ! interface FastEthernet30 description server_net no ip address no ip directed-broadcast bridge-group 3 ! interface FastEthernet31 description server_net no ip address no ip directed-broadcast bridge-group 3 ! interface FastEthernet32 description server_net
no ip address no ip directed-broadcast bridge-group 3 ! interface FastEthernet33 description server_net no ip address no ip directed-broadcast bridge-group 3 ! interface FastEthernet34 description server_net no ip address no ip directed-broadcast bridge-group 3 ! interface FastEthernet35 description proj1_net no ip address no ip directed-broadcast bridge-group 4 ! interface FastEthernet36 description proj1_net no ip address no ip directed-broadcast bridge-group 4 ! interface FastEthernet37 description proj1_net no ip address no ip directed-broadcast bridge-group 4 ! interface FastEthernet38 description proj1_net no ip address no ip directed-broadcast bridge-group 4 ! interface FastEthernet39 description proj2_net no ip address no ip directed-broadcast bridge-group 5 ! interface FastEthernet40 description proj2_net no ip address no ip directed-broadcast bridge-group 5 !
interface FastEthernet40.1 description project1net connected to 2924_hardwarelab encapsulation isl 494 no ip redirects no ip directed-broadcast bridge-group 4 ! interface FastEthernet40.2 description staffnet connected to 2924_hardwarelab encapsulation isl 496 no ip redirects no ip directed-broadcast bridge-group 2 ! interface FastEthernet41 description proj2_net no ip address no ip directed-broadcast bridge-group 5 ! interface FastEthernet41.1 description staffnet connected to 2924_dtp room encapsulation isl 496 no ip redirects no ip directed-broadcast bridge-group 2 ! interface FastEthernet41.2 description studentnet connected to 2924_dtp room encapsulation isl 497 no ip redirects no ip directed-broadcast bridge-group 1 ! interface FastEthernet41.3 description project1net connected to 2924_dtp room encapsulation isl 494 no ip redirects no ip directed-broadcast bridge-group 4 nterface FastEthernet42 description proj2_net no ip address no ip directed-broadcast bridge-group 5 nterface FastEthernet42.1 description STUDENT_NET CONNECTED TO 2924 SWITCH1 encapsulation isl 497 no ip redirects no ip directed-broadcast
bridge-group 1 nterface FastEthernet42.2 description STAFF_NET CONNECTED TO 2924 SWITCH1 encapsulation isl 496 no ip redirects no ip directed-broadcast bridge-group 2 nterface FastEthernet42.3 description SERVER_NET CONNECTED TO 2924 SWITCH1 encapsulation isl 495 no ip redirects no ip directed-broadcast bridge-group 3 nterface FastEthernet42.4 description PROJECT1_NET CONNECTED TO 2924 SWITCH1 encapsulation isl 494 no ip redirects no ip directed-broadcast bridge-group 4 nterface FastEthernet43 description interdepartmental_1 no ip address no ip directed-broadcast bridge-group 6 nterface FastEthernet44 description interdepartmental_1 no ip address no ip directed-broadcast bridge-group 6 nterface FastEthernet45 description interdepartmental_1 no ip address no ip directed-broadcast bridge-group 6 nterface FastEthernet46 description interdepartmental_1 no ip address no ip directed-broadcast bridge-group 6 nterface FastEthernet46.1 description project1net connected to 2924_ab roo encapsulation isl 494 no ip redirects no ip directed-broadcast
bridge-group 4 nterface FastEthernet46.2 description staffnet connected to 2924_ab room encapsulation isl 496 no ip redirects no ip directed-broadcast bridge-group 2 nterface FastEthernet47 description interdepartmental_2 no ip address no ip directed-broadcast bridge-group 7 nterface FastEthernet48 description interdepartmental_2 no ip address no ip directed-broadcast bridge-group 7 nterface GigabitEthernet49 no ip address no ip directed-broadcast nterface GigabitEthernet49.1 description Valid_ip encapsulation isl 2 no ip redirects no ip directed-broadcast bridge-group 8 nterface GigabitEthernet49.2 description CSC_Core_Vlan encapsulation isl 503 no ip redirects no ip directed-broadcast bridge-group 9 nterface GigabitEthernet49.3 description interdepartmental2_vlan encapsulation isl 499 no ip redirects no ip directed-broadcast bridge-group 7 nterface GigabitEthernet49.4 description interdepartmental1_vlan encapsulation isl 498 no ip redirects no ip directed-broadcast bridge-group 6
nterface GigabitEthernet49.5 description THAICOM VLAN encapsulation isl 645 no ip redirects no ip directed-broadcast bridge-group 10 nterface GigabitEthernet49.6 description staffnet encapsulation isl 38 no ip redirects no ip directed-broadcast bridge-group 2 nterface GigabitEthernet49.7 encapsulation isl 39 no ip redirects no ip directed-broadcast bridge-group 4 nterface GigabitEthernet50 no ip address no ip directed-broadcast shutdown nterface BVI1 description student_net ip address 10.5.16.2 255.255.255.0 ip helper-address 10.5.17.255 ip helper-address 10.5.18.255 ip directed-broadcast nterface BVI2 description staff_net ip address 10.5.17.2 255.255.255.0 ip helper-address 10.5.18.255 ip directed-broadcast nterface BVI3 ip address 10.5.18.2 255.255.255.0 ip helper-address 10.5.17.255 ip directed-broadcast nterface BVI4 ip address 10.5.19.2 255.255.255.0 ip helper-address 10.5.18.255 ip helper-address 10.5.17.255 ip directed-broadcast nterface BVI5 ip address 10.5.20.2 255.255.255.0
no ip directed-broadcast nterface BVI6 no ip address no ip directed-broadcast ! interface BVI8 description Valid_vlan no ip address no ip directed-broadcast ! interface BVI9 ip address 10.153.1.1 255.255.0.0 no ip directed-broadcast ! interface BVI10 no ip address no ip directed-broadcast ! router ospf 109 redistribute rip subnets network 10.0.0.0 0.255.255.255 area 0 ! router rip redistribute ospf 109 passive-interface BVI9 network 10.0.0.0 default-metric 10 ! ip classless ip forward-protocol udp xdmcp ip forward-protocol udp ntp ! snmp-server community public RO bridge 1 protocol ieee bridge 1 route ip bridge 2 protocol ieee bridge 2 route ip bridge 3 protocol ieee bridge 3 route ip bridge 4 protocol ieee bridge 4 route ip bridge 5 protocol ieee bridge 5 route ip bridge 6 protocol ieee bridge 6 route ip bridge 7 protocol ieee bridge 7 route ip bridge 8 protocol ieee bridge 8 route ip bridge 9 protocol ieee bridge 9 route ip
bridge 10 protocol ieee bridge 10 route ip ! line con 0 transport input none line aux 0 line vty 0 4 password cse5 login ! end
Page 75
15/12/2002
16. ACCESS/EDGE Switch Configuration details of some Departments (A) ARCHITECTURE:

Architecture# sh run Building configuration... Current configuration: ! version 11.2 no service pad no service udp-small-servers no service tcp-small-servers ! hostname Architecture ! enable secret 5 $1$gb8n$ews.tHRVMYkEhSkk.4YlU. enable password arch ! ! ! ! interface VLAN1 no ip address no ip route-cache shutdown ! interface VLAN18 ip address 10.27.1.1 255.255.0.0 no ip route-cache ! interface FastEthernet0/1 switchport access vlan 18 ! interface FastEthernet0/2 switchport access vlan 18 ! interface FastEthernet0/3 switchport access vlan 18 ! interface FastEthernet0/4 switchport access vlan 18 ! interface FastEthernet0/5 switchport access vlan 18 ! interface FastEthernet0/6 switchport access vlan 18 ! interface FastEthernet0/7
switchport access vlan 18 ! interface FastEthernet0/8 switchport access vlan 18 ! interface FastEthernet0/9 switchport access vlan 18 ! interface FastEthernet0/10 switchport access vlan 18 ! interface FastEthernet0/11 switchport access vlan 18 ! interface FastEthernet0/12 switchport access vlan 18 ! interface FastEthernet0/13 switchport access vlan 18 ! interface FastEthernet0/14 switchport access vlan 18 ! interface FastEthernet0/15 switchport access vlan 18 ! interface FastEthernet0/16 switchport access vlan 18 ! interface FastEthernet0/17 switchport access vlan 18 ! interface FastEthernet0/18 switchport access vlan 18 ! interface FastEthernet0/19 switchport access vlan 18 ! interface FastEthernet0/20 switchport access vlan 18 ! interface FastEthernet0/21 switchport access vlan 18 ! interface FastEthernet0/22 switchport access vlan 18 ! interface FastEthernet0/23 switchport access vlan 18 ! interface FastEthernet0/24 switchport access vlan 18
! interface GigabitEthernet1/1 switchport access vlan 18 ! ip default-gateway 10.27.1.2 snmp-server community private RW snmp-server community public RO snmp-server chassis-id 0x10 ! line con 0 stopbits 1 line vty 0 4 password arch27 login line vty 5 9 login ! end
_______________________________________________ Configuration of 1924 installed at Architecture. _______________________________________________ Catalyst 1900 - IP Configuration Ethernet Address: 00-06-28-D9-B6-00 ----------------------- Settings --------------------------------------[I] IP address 10.27.2.1 [S] Subnet mask 255.255.0.0 [G] Default gateway 10.27.1.2 [B] Management bridge group 1 (always) [M] IP address of DNS server 1 0.0.0.0 [N] IP address of DNS server 2 0.0.0.0 [D] Domain name [R] Use Routing Information Protocol Enabled ----------------------- Actions ---------------------------------------[P] Ping [C] Clear cached DNS entries [X] Exit to previous menu
Page 78
15/12/2002
(B) IE & M:
IEM# sh run Building configuration... Current configuration: ! version 12.0 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname IEM ! enable secret 5 $1$qDLu$7L.O.t7hdeZiEMUbAk6bh1 ! ! ! ip subnet-zero ! ! ! interface FastEthernet0/1 switchport access vlan 10 ! interface FastEthernet0/2 switchport access vlan 10 ! interface FastEthernet0/3 switchport access vlan 10 ! interface FastEthernet0/4 switchport access vlan 10 ! interface FastEthernet0/5 switchport access vlan 10 ! interface FastEthernet0/6 switchport access vlan 10 ! interface FastEthernet0/7 switchport access vlan 10 ! interface FastEthernet0/8 switchport access vlan 10 ! interface FastEthernet0/9 switchport access vlan 10 ! interface FastEthernet0/10
switchport access vlan 10 ! interface FastEthernet0/11 switchport access vlan 10 ! interface FastEthernet0/12 switchport access vlan 10 ! interface FastEthernet0/13 switchport access vlan 10 ! interface FastEthernet0/14 switchport access vlan 10 ! interface FastEthernet0/15 switchport access vlan 10 ! interface FastEthernet0/16 switchport access vlan 10 ! interface FastEthernet0/17 switchport access vlan 10 ! interface FastEthernet0/18 switchport access vlan 10 ! interface FastEthernet0/19 switchport access vlan 10 ! interface FastEthernet0/20 switchport access vlan 10 ! interface FastEthernet0/21 switchport access vlan 10 ! interface FastEthernet0/22 switchport access vlan 10 ! interface FastEthernet0/23 switchport access vlan 10 ! interface FastEthernet0/24 switchport access vlan 10 ! interface GigabitEthernet0/1 switchport access vlan 10 switchport trunk allowed vlan 1,10,1002-1005 switchport mode trunk ! interface GigabitEthernet0/2 ! interface VLAN1
no ip address no ip directed-broadcast no ip route-cache shutdown ! interface VLAN10 ip address 10.29.1.1 255.255.0.0 no ip directed-broadcast no ip route-cache ! ip default-gateway 10.29.1.2 snmp-server engineID local 000000090200000628F1D100 snmp-server community private RW ! line con 0 transport input none stopbits 1 line vty 0 4 password iem29 login line vty 5 15 password iem29 login ! end
Page 81
15/12/2002
(C) NAVAL:
NAVAL# sh run Building configuration... Current configuration: ! version 12.0 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname NAVAL ! enable secret 5 $1$EZdN$2Zwnhv0ktj48jUb8gJ1HJ. ! ! ! ! ! ! ip subnet-zero ! ! ! interface FastEthernet0/1 switchport access vlan 11 ! interface FastEthernet0/2 switchport access vlan 11 ! interface FastEthernet0/3 switchport access vlan 11 ! interface FastEthernet0/4 switchport access vlan 11 ! interface FastEthernet0/5 switchport access vlan 11 ! interface FastEthernet0/6 switchport access vlan 11 ! interface FastEthernet0/7 switchport access vlan 11 ! interface FastEthernet0/8 switchport access vlan 11 !
interface FastEthernet0/9 switchport access vlan 11 ! interface FastEthernet0/10 switchport access vlan 11 ! interface FastEthernet0/11 switchport access vlan 11 ! interface FastEthernet0/12 switchport access vlan 11 ! interface FastEthernet0/13 switchport access vlan 11 ! interface FastEthernet0/14 switchport access vlan 11 ! interface FastEthernet0/15 switchport access vlan 11 ! interface FastEthernet0/16 switchport access vlan 11 ! interface FastEthernet0/17 switchport access vlan 11 ! interface FastEthernet0/18 switchport access vlan 11 ! interface FastEthernet0/19 switchport access vlan 11 ! interface FastEthernet0/20 switchport access vlan 11 ! interface FastEthernet0/21 switchport access vlan 11 ! interface FastEthernet0/22 switchport access vlan 11 ! interface FastEthernet0/23 switchport access vlan 11 ! interface FastEthernet0/24 switchport access vlan 11 ! interface GigabitEthernet0/1 switchport access vlan 11 switchport trunk allowed vlan 1,11,1002-1005 switchport mode trunk
! interface GigabitEthernet0/2 ! interface VLAN1 no ip address no ip directed-broadcast no ip route-cache shutdown ! interface VLAN11 ip address 10.24.1.1 255.255.0.0 no ip directed-broadcast no ip route-cache ! ip default-gateway 10.24.1.2 snmp-server engineID local 0000000902000006530F3940 snmp-server community private RW snmp-server community public RO ! line con 0 transport input none stopbits 1 line vty 0 4 password naval24 login line vty 5 15 password naval24 login ! end
Page 84
15/12/2002
(D) CRF:
CRF# sh run Building configuration... Current configuration: ! version 11.2 no service pad no service udp-small-servers no service tcp-small-servers ! hostname CRF ! enable secret 5 $1$MyCd$gtAw7RYfT5bu1q5hxQ6aA/ ! ! ! ! interface VLAN1 no ip address no ip route-cache shutdown ! interface VLAN17 ip address 10.42.1.1 255.255.0.0 no ip route-cache ! interface FastEthernet0/1 switchport access vlan 17 ! interface FastEthernet0/2 switchport access vlan 17 ! interface FastEthernet0/3 switchport access vlan 17 ! interface FastEthernet0/4 switchport access vlan 17 ! interface FastEthernet0/5 switchport access vlan 17 ! interface FastEthernet0/6 switchport access vlan 17 ! interface FastEthernet0/7 switchport access vlan 17 ! interface FastEthernet0/8 switchport access vlan 17
! interface FastEthernet0/9 switchport access vlan 17 ! interface FastEthernet0/10 switchport access vlan 17 ! interface FastEthernet0/11 switchport access vlan 17 ! interface FastEthernet0/12 switchport access vlan 17 ! interface FastEthernet0/13 switchport access vlan 17 ! interface FastEthernet0/14 switchport access vlan 17 ! interface FastEthernet0/15 switchport access vlan 17 ! interface FastEthernet0/16 switchport access vlan 17 ! interface FastEthernet0/17 switchport access vlan 17 ! interface FastEthernet0/18 switchport access vlan 17 ! interface FastEthernet0/19 switchport access vlan 17 ! interface FastEthernet0/20 switchport access vlan 17 ! interface FastEthernet0/21 switchport access vlan 17 ! interface FastEthernet0/22 switchport access vlan 17 ! interface FastEthernet0/23 switchport access vlan 17 ! interface FastEthernet0/24 switchport access vlan 17 ! interface GigabitEthernet1/1 switchport access vlan 17 !
ip default-gateway 10.42.1.2 snmp-server community private RW snmp-server community public RO snmp-server chassis-id 0x10 ! line con 0 stopbits 1 line vty 0 4 password crf42 login line vty 5 9 login ! end
Page 87
15/12/2002
17. DISTRIBUTION Switch Configuration details of some Hostel (A) NEHRU Hall Distribution Cisco Catalyst 6509 Switch:
Cisco Systems Console Enter password: Console> en Enter password: Console> (enable) sh config This command shows non-default configurations only. Use 'show config all' to show both default and non-default configurations. .................. .................. .................. begin ! # ***** NON-DEFAULT CONFIGURATION ***** ! ! #time: Thu Sep 12 2002, 04:45:58 ! #version 6.1(3) ! ! #system web interface version Engine: 5.3 ADP device: Cat6000 ADP Version: 1.5 A DK: 40 ! set password $2$0o8Z$Uzhvc1xPbFk4WnBzZ03zI0 set enablepass $2$CBqb$n64swmlNxNXQ9QOVlxpSO0 ! #errordetection set errordetection portcounter enable ! #! #vtp set vtp domain NEHRU set vlan 1 name default type ethernet mtu 1500 said 100001 state active set vlan 613 name NEHRU_CORE1 type ethernet mtu 1500 said 100613 state active set vlan 614 name NEHRU_CORE2 type ethernet mtu 1500 said 100614 state active set vlan 815 name NEHRU_A_GND type ethernet mtu 1500 said 100815 state active set vlan 816 name NEHRU_B_GND type ethernet mtu 1500 said 100816 state active set vlan 817 name NEHRU_B_1ST type ethernet mtu 1500 said 100817 state active set vlan 818 name NEHRU_B_2ND type ethernet mtu 1500 said 100818 state active set vlan 819 name NEHRU_C_GND type ethernet mtu 1500 said 100819 state active set vlan 820 name NEHRU_C_1ST type ethernet mtu 1500 said 100820 state active set vlan 821 name NEHRU_C_2ND type ethernet mtu 1500 said 100821 state active
set vlan 822 name NEHRU_D_GND type ethernet mtu 1500 said 100822 state active set vlan 823 name NEHRU_D_1ST type ethernet mtu 1500 said 100823 state active set vlan 824 name NEHRU_D_2ND type ethernet mtu 1500 said 100824 state active set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state activ e stp ieee set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active st p ibm set vlan 640-641 set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state acti ve mode srb aremaxhop 0 stemaxhop 0 backupcrf off ! #ip set interface sc0 1 10.200.1.108/255.255.255.0 10.200.1.255 set ip route 0.0.0.0/0.0.0.0 10.200.1.2 ! #set boot command set boot config-register 0x2 set boot system flash bootflash:cat6000-sup2cvk9.6-1-3.bin ! # default port status is enable ! ! #module 1 : 2-port 1000BaseX Supervisor set vlan 640 1/1 ! #module 2 empty ! #module 3 : 16-port 1000BaseX Ethernet set udld enable 3/13 clear trunk 3/1 2-814,816-1005,1025-4094 set trunk 3/1 on isl 1,815 clear trunk 3/2 2-815,817-1005,1025-4094 set trunk 3/2 on isl 1,816 clear trunk 3/3 2-816,818-1005,1025-4094 set trunk 3/3 on isl 1,817 clear trunk 3/4 2-639,642-817,819-1005,1025-4094 set trunk 3/4 on isl 1,640-641,818 clear trunk 3/5 2-818,820-1005,1025-4094 set trunk 3/5 on isl 1,819 clear trunk 3/6 2-819,821-1005,1025-4094 set trunk 3/6 on isl 1,820 clear trunk 3/7 2-820,822-1005,1025-4094 set trunk 3/7 on isl 1,821 clear trunk 3/8 2-821,823-1005,1025-4094 set trunk 3/8 on isl 1,822 clear trunk 3/9 2-822,824-1005,1025-4094 set trunk 3/9 on isl 1,823 clear trunk 3/10 2-823,825-1005,1025-4094
set trunk 3/10 on isl 1,824 set trunk 3/13 on isl 1-1005,1025-4094 clear trunk 3/15 2-612,614-639,642-1005,1025-4094 set trunk 3/15 on isl 1,613,640-641 clear trunk 3/16 2-613,615-1005,1025-4094 set trunk 3/16 on isl 1,614 ! #module 4 empty ! #module 5 : 0-port Switch Fabric Module ! #module 6 empty ! #module 7 empty ! #module 8 empty ! #module 9 empty ! #module 15 : 1-port Multilayer Switch Feature Card ! #module 16 empty end Console> (enable) Cisco Systems Console
Enter password: Console> session 15 Trying Router-15... Connected to Router-15. Escape character is '^]'. NEHRU>en Password: NEHRU#sh run Building configuration... Current configuration : 4136 bytes ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname NEHRU
! boot system flash bootflash:c6msfc2-psv-mz.121-7a.E1 enable password core1 ! ip subnet-zero ! ! no ip finger ip domain-name nehru.iitkgp.ernet.in ip name-server 10.129.100.14 ip name-server 10.128.2.2 ip name-server 144.16.192.55 ip dhcp database ftp://dhcplog:dhcplog@10.129.100.14/router-dhcp write-delay 120 ip dhcp excluded-address 10.108.1.1 10.108.1.31 ip dhcp excluded-address 10.108.2.1 10.108.2.31 ip dhcp excluded-address 10.108.3.1 10.108.3.31 ip dhcp excluded-address 10.108.4.1 10.108.4.31 ip dhcp excluded-address 10.108.5.1 10.108.5.31 ip dhcp excluded-address 10.108.6.1 10.108.6.31 ip dhcp excluded-address 10.108.7.1 10.108.7.31 ip dhcp excluded-address 10.108.8.1 10.108.8.31 ip dhcp excluded-address 10.108.9.1 10.108.9.31 ip dhcp excluded-address 10.108.10.1 10.108.10.31 ! ip dhcp pool NEHRU network 10.108.0.0 255.255.0.0 domain-name nehru.iitkgp.ernet.in dns-server 10.129.100.14 10.128.2.2 144.16.192.55 netbios-name-server 10.129.100.14 10.128.2.2 netbios-node-type h-node ! ip dhcp pool NEHRU_A_GND network 10.108.1.0 255.255.255.0 default-router 10.108.1.2 ! ip dhcp pool NEHRU_B_GND network 10.108.2.0 255.255.255.0 default-router 10.108.2.2 ! ip dhcp pool NEHRU_B_1ST network 10.108.3.0 255.255.255.0 default-router 10.108.3.2 ! ip dhcp pool NEHRU_B_2ND network 10.108.4.0 255.255.255.0 default-router 10.108.4.2 ! ip dhcp pool NEHRU_C_GND network 10.108.5.0 255.255.255.0 default-router 10.108.5.2
! ip dhcp pool NEHRU_C_1ST network 10.108.6.0 255.255.255.0 default-router 10.108.6.2 ! ip dhcp pool NEHRU_C_2ND network 10.108.7.0 255.255.255.0 default-router 10.108.7.2 ! ip dhcp pool NEHRU_D_GND network 10.108.8.0 255.255.255.0 default-router 10.108.8.2 ! ip dhcp pool NEHRU_D_1ST network 10.108.10.0 255.255.255.0 default-router 10.108.10.2 ! ip dhcp pool NEHRU_D_2ND network 10.108.9.0 255.255.255.0 default-router 10.108.9.2 ! ip multicast-routing ! ! ! interface Vlan613 description NEHRU TO FOUNDATION CORE1 ip address 10.200.13.2 255.255.255.0 ip pim dense-mode ! interface Vlan614 description NEHRU TO FOUNDATION CORE2 ip address 10.200.14.2 255.255.255.0 ip pim dense-mode ! interface Vlan815 description NEHRU TO BLOCK A GROUND FLOOR ip address 10.108.1.2 255.255.255.0 ip access-group 8 out ip pim dense-mode ! interface Vlan816 description NEHRU TO BLOCK B GROUND FLOOR ip address 10.108.2.2 255.255.255.0 ip access-group 8 out ip pim dense-mode ! interface Vlan817 description NEHRU TO BLOCK B 1ST FLOOR ip address 10.108.3.2 255.255.255.0
ip access-group 8 out ip pim dense-mode ! interface Vlan818 description NEHRU TO BLOCK B 2ND FLOOR ip address 10.108.4.2 255.255.255.0 ip pim dense-mode ! interface Vlan819 description NEHRU TO BLOCK C GND FLOOR ip address 10.108.5.2 255.255.255.0 ip access-group 8 out ip pim dense-mode ! interface Vlan820 description NEHRU TO BLOCK C 1ST FLOOR ip address 10.108.6.2 255.255.255.0 ip access-group 8 out ip pim dense-mode ! interface Vlan821 description NEHRU TO BLOCK C 2ND FLOOR ip address 10.108.7.2 255.255.255.0 ip access-group 8 out ip pim dense-mode ! interface Vlan822 description NEHRU TO BLOCK D GND FLOOR ip address 10.108.8.2 255.255.255.0 ip access-group 8 out ip pim dense-mode ! interface Vlan823 description NEHRU TO BLOCK D 2ND FLOOR ip address 10.108.9.2 255.255.255.0 ip access-group 8 out ip pim dense-mode ! interface Vlan824 description NEHRU TO BLOCK D 1ST FLOOR ip address 10.108.10.2 255.255.255.0 ip access-group 8 out ip pim dense-mode ! router ospf 109 log-adjacency-changes network 10.108.0.0 0.0.255.255 area 108 network 10.200.0.0 0.0.255.255 area 0 ! ip classless
ip route 0.0.0.0 0.0.0.0 10.200.13.1 150 no ip http server ! access-list 8 deny 144.16.192.1 access-list 8 deny 144.16.192.213 access-list 8 deny 144.16.192.216 access-list 8 deny 144.16.192.217 access-list 8 permit any ! ! line con 0 transport input none line vty 0 4 login ! end
Page 94
15/12/2002
(B) PATEL+Zakir Hussain Hall Distribution Cisco Catalyst 6509 Switch:

Cisco Systems Console Enter password: patel-core> en Enter password: Enter password: patel-core> (enable) sh config This command shows non-default configurations only. Use 'show config all' to show both default and non-default configurations. .................. .................. ................. begin ! # ***** NON-DEFAULT CONFIGURATION ***** ! ! #time: Wed Sep 9 2002, 20:08:29 ! #version 6.1(3) ! ! #system web interface version Engine: 5.3 ADP device: Cat6000 ADP Version: 1.5 A DK: 40 ! set password $2$C6Z6$fZgFmnuHFcchsaWsOQXxH/ set enablepass $2$ge4N$yenql99eAru6gsajnw7el0 ! #errordetection set errordetection portcounter enable ! #! #vtp set vtp domain PATEL set vlan 1 name default type ethernet mtu 1500 said 100001 state active set vlan 615 name PATEL_CORE1 type ethernet mtu 1500 said 100615 state active set vlan 616 name PATEL_CORE2 type ethernet mtu 1500 said 100616 state active set vlan 785 name PATEL_A_GND type ethernet mtu 1500 said 100785 state active set vlan 786 name PATEL_B_GND type ethernet mtu 1500 said 100786 state active set vlan 787 name PATEL_B_1ST type ethernet mtu 1500 said 100787 state active set vlan 788 name PATEL_B_2ND type ethernet mtu 1500 said 100788 state active set vlan 789 name PATEL_C_GND type ethernet mtu 1500 said 100789 state active set vlan 790 name PATEL_C_1ST type ethernet mtu 1500 said 100790 state active set vlan 791 name PATEL_C_2ND type ethernet mtu 1500 said 100791 state active
set vlan 792 name PATEL_D_GND type ethernet mtu 1500 said 100792 state active set vlan 793 name PATEL_D_1ST type ethernet mtu 1500 said 100793 state active set vlan 794 name PATEL_D_2ND type ethernet mtu 1500 said 100794 state active set vlan 852 name PATEL_ZH1 type ethernet mtu 1500 said 100852 state active set vlan 853 name PATEL_ZH2 type ethernet mtu 1500 said 100853 state active set vlan 854 name PATEL_ZH3 type ethernet mtu 1500 said 100854 state active set vlan 855 name PATEL_ZH4 type ethernet mtu 1500 said 100855 state active set vlan 856 name PATEL_ZH5 type ethernet mtu 1500 said 100856 state active set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state activ e stp ieee set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active st p ibm set vlan 640-641 set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state acti ve mode srb aremaxhop 0 stemaxhop 0 backupcrf off ! #ip set interface sc0 1 10.200.1.109/255.255.255.0 10.200.1.255 set ip route 0.0.0.0/0.0.0.0 10.200.1.2 ! #dns set ip dns server 10.128.2.2 primary set ip dns enable set ip dns domain net.iitkgp.ernet.in ! #set boot command set boot config-register 0x2 set boot system flash bootflash:cat6000-sup2cvk9.6-1-3.bin ! # default port status is enable ! ! #module 1 : 2-port 1000BaseX Supervisor set vlan 640 1/1 set trunk 1/2 on isl 1-1005,1025-4094 ! #module 2 empty ! #module 3 : 16-port 1000BaseX Ethernet clear trunk 3/1 2-639,642-784,786-1005,1025-4094 set trunk 3/1 on isl 1,640-641,785 clear trunk 3/2 2-785,787-1005,1025-4094 set trunk 3/2 on isl 1,786 clear trunk 3/3 2-786,788-1005,1025-4094 set trunk 3/3 on isl 1,787 clear trunk 3/4 2-787,789-1005,1025-4094 set trunk 3/4 on isl 1,788 clear trunk 3/5 2-788,790-1005,1025-4094
set trunk 3/5 on isl 1,789 clear trunk 3/6 2-789,791-1005,1025-4094 set trunk 3/6 on isl 1,790 clear trunk 3/7 2-790,792-1005,1025-4094 set trunk 3/7 on isl 1,791 clear trunk 3/8 2-791,793-1005,1025-4094 set trunk 3/8 on isl 1,792 clear trunk 3/9 2-792,794-1005,1025-4094 set trunk 3/9 on isl 1,793 clear trunk 3/10 2-793,795-1005,1025-4094 set trunk 3/10 on isl 1,794 clear trunk 3/11 2-851,857-1005,1025-4094 set trunk 3/11 on isl 1,852-856 clear trunk 3/12 2-851,857-1005,1025-4094 set trunk 3/12 on isl 1,852-856 clear trunk 3/13 2-851,857-1005,1025-4094 set trunk 3/13 on isl 1,852-856 clear trunk 3/14 2-851,857-1005,1025-4094 set trunk 3/14 on isl 1,852-856 clear trunk 3/15 2-614,616-639,642-1005,1025-4094 set trunk 3/15 on isl 1,615,640-641 clear trunk 3/16 2-615,617-855,857-1005,1025-4094 set trunk 3/16 on isl 1,616,856 ! #module 4 empty ! #module 5 : 0-port Switch Fabric Module ! #module 6 empty ! #module 7 empty ! #module 8 empty ! #module 9 empty ! #module 15 : 1-port Multilayer Switch Feature Card ! #module 16 empty end patel-core> (enable) PATEL# 1w0d: %DHCPD-3-WRITE_ERROR: DHCP could not write bindings to ftp://dhcp:address@ 10.129.100.15/patel-dhcp. PATEL# PATEL# PATEL#sh run Building configuration...
Current configuration : 6019 bytes ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname PATEL ! boot system flash bootflash:c6msfc2-psv-mz.121-7a.E1 netbios name-cache cache-add-name netbios name-cache name-len 16 enable password core1 ! ip subnet-zero ! ! no ip finger ip domain-list iitkgp.ernet.in. ip domain-name patel.iitkgp.ernet.in ip name-server 10.128.2.2 ip name-server 144.16.192.55 ip name-server 10.129.100.15 ip dhcp database ftp://dhcp:address@10.129.100.15/patel-dhcp write-delay 120 ip dhcp excluded-address 10.109.1.1 10.109.1.31 ip dhcp excluded-address 10.109.2.1 10.109.2.31 ip dhcp excluded-address 10.109.3.1 10.109.3.31 ip dhcp excluded-address 10.109.4.1 10.109.4.31 ip dhcp excluded-address 10.109.5.1 10.109.5.31 ip dhcp excluded-address 10.109.6.1 10.109.6.31 ip dhcp excluded-address 10.109.7.1 10.109.7.31 ip dhcp excluded-address 10.109.8.1 10.109.8.31 ip dhcp excluded-address 10.109.9.1 10.109.9.31 ip dhcp excluded-address 10.109.10.1 10.109.10.31 ip dhcp excluded-address 10.114.1.1 10.114.1.31 ip dhcp excluded-address 10.114.2.1 10.114.2.31 ip dhcp excluded-address 10.114.3.1 10.114.3.31 ip dhcp excluded-address 10.114.4.1 10.114.4.31 ip dhcp excluded-address 10.114.5.1 10.114.5.31 ! ip dhcp pool PATEL_A_GND network 10.109.1.0 255.255.255.0 default-router 10.109.1.2 ! ip dhcp pool PATEL_B_GND network 10.109.2.0 255.255.255.0 default-router 10.109.2.2 ! ip dhcp pool PATEL_B_1ST network 10.109.3.0 255.255.255.0
default-router 10.109.3.2 ! ip dhcp pool PATEL_B_2ND network 10.109.4.0 255.255.255.0 default-router 10.109.4.2 ! ip dhcp pool PATEL_C_GND+GND1 network 10.109.5.0 255.255.255.0 default-router 10.109.5.2 ! ip dhcp pool PATEL_C_1ST network 10.109.6.0 255.255.255.0 default-router 10.109.6.2 ! ip dhcp pool PATEL_C_2ND+2ND1 network 10.109.7.0 255.255.255.0 default-router 10.109.7.2 ! ip dhcp pool PATEL_D_GND network 10.109.8.0 255.255.255.0 default-router 10.109.8.2 ! ip dhcp pool PATEL_D_1ST network 10.109.9.0 255.255.255.0 default-router 10.109.9.2 ! ip dhcp pool PATEL_D_2ND network 10.109.10.0 255.255.255.0 default-router 10.109.10.2 ! ip dhcp pool PATEL network 10.109.0.0 255.255.0.0 domain-name patel.iitkgp.ernet.in dns-server 10.129.100.15 10.128.2.2 144.16.192.55 netbios-name-server 10.129.100.15 10.128.2.2 netbios-node-type h-node ! ip dhcp pool ZH_1_GND network 10.114.1.0 255.255.255.0 default-router 10.114.1.2 ! ip dhcp pool ZH_2_GND network 10.114.2.0 255.255.255.0 default-router 10.114.2.2 ! ip dhcp pool ZH_3_GND network 10.114.3.0 255.255.255.0 default-router 10.114.3.2 ! ip dhcp pool ZH_4_GND
network 10.114.4.0 255.255.255.0 default-router 10.114.4.2 ! ip dhcp pool ZH_5_GND network 10.114.5.0 255.255.255.0 default-router 10.114.5.2 ! ip dhcp pool patel ! ip dhcp pool ZH network 10.114.0.0 255.255.255.0 domain-name zh.iitkgp.ernet.in dns-server 10.128.2.2 144.16.192.55 netbios-name-server 10.128.2.2 netbios-node-type h-node ! ip multicast-routing ! ! ! interface Vlan615 description PATEL TO CIC CORE1 ip address 10.200.15.2 255.255.255.0 ip helper-address 10.128.2.2 ip pim dense-mode ! interface Vlan616 description PATEL TO CIC CORE2 ip address 10.200.16.2 255.255.255.0 ip helper-address 10.128.2.2 ip pim dense-mode ! interface Vlan785 description PATEL TO BLOCK A GROUND FLOOR ip address 10.109.1.2 255.255.255.0 ip access-group 9 out ip pim dense-mode ! interface Vlan786 description PATEL TO BLOCK B GROUND FLOOR ip address 10.109.2.2 255.255.255.0 ip access-group 9 out ip pim dense-mode ! interface Vlan787 description PATEL TO BLOCK B 1ST FLOOR ip address 10.109.3.2 255.255.255.0 ip access-group 9 out ip pim dense-mode !
interface Vlan788 description PATEL TO BLOCK B 2ND FLOOR ip address 10.109.4.2 255.255.255.0 ip access-group 9 out ip pim dense-mode ! interface Vlan789 description PATEL TO BLOCK C GROUND FLOOR ip address 10.109.5.2 255.255.255.0 ip access-group 9 out ip pim dense-mode ! interface Vlan790 description PATEL TO BLOCK C 1ST FLOOR ip address 10.109.6.2 255.255.255.0 ip access-group 9 out ip pim dense-mode ! interface Vlan791 description PATEL TO BLOCK C 2ND FLOOR ip address 10.109.7.2 255.255.255.0 ip access-group 9 out ip pim dense-mode ! interface Vlan792 description PATEL TO BLOCK D GND FLOOR ip address 10.109.8.2 255.255.255.0 ip access-group 9 out ip pim dense-mode ! interface Vlan793 description PATEL TO BLOCK D 1ST FLOOR ip address 10.109.9.2 255.255.255.0 ip access-group 9 out ip pim dense-mode ! interface Vlan794 description PATEL TO BLOCK D 2ND FLOOR ip address 10.109.10.2 255.255.255.0 ip access-group 9 out ip pim dense-mode ! interface Vlan852 description PATEL TO ZH BLOCK 1 GROUND FLOOR ip address 10.114.1.2 255.255.255.0 ip access-group 9 out ip pim dense-mode ! interface Vlan853 description PATEL TO ZH BLOCK 2 GROUND FLOOR
ip address 10.114.2.2 255.255.255.0 ip access-group 9 out ip pim dense-mode ! interface Vlan854 description PATEL TO ZH BLOCK 3 GROUND FLOOR ip address 10.114.3.2 255.255.255.0 ip access-group 9 out ip pim dense-mode ! interface Vlan855 description PATEL TO ZH BLOCK 4 GROUND FLOOR ip address 10.114.4.2 255.255.255.0 ip access-group 9 out ip pim dense-mode ! interface Vlan856 description PATEL TO ZH BLOCK 5 GROUND FLOOR ip address 10.114.5.2 255.255.255.0 ip access-group 9 out ip pim dense-mode ! router ospf 109 log-adjacency-changes summary-address 10.109.0.0 255.255.0.0 network 10.109.0.0 0.0.255.255 area 109 network 10.114.0.0 0.0.255.255 area 114 network 10.200.0.0 0.0.255.255 area 0 ! ip classless ip route 0.0.0.0 0.0.0.0 10.200.15.1 150 no ip http server ! access-list 9 deny 144.16.192.1 access-list 9 deny 144.16.192.213 access-list 9 deny 144.16.192.216 access-list 9 deny 144.16.192.217 access-list 9 permit any ! ! line con 0 transport input none line vty 0 4 login ! end
Page 102
15/12/2002
18. Some Important feature of the Network
# Redundancy of Supervisor Engine. # QoS Implementation. # Cache-Engine Implementation.
# Redundancy of Supervisor Engine.
SUPERVISOR ENGINE REDUNDANCY REQUIREMENTS
For redundant operation, the following requirements must be met:
The active and standby supervisor engines must be in slots 1 & 2. Each supervisor engine must have the resources to run the switch on its own,which means all supervisor engine resources are duplicated.In other words, each supervisor engine has its own flash device and console port connections. Both supervisor engines must have the same system image.
Page 103
15/12/2002
SYNCHRONIZING THE SUPERVISOR ENGINES

1.Enter into session 15 of the switch. 2.Give Alternate ip addresses for each vlan which are specified in that module. 3.No interface should be shut down administratively.It should be made up by giving a no shut command or it can be deleted if it does not have any use. 4.Go to config prompt.give the command "redundancy",under this "highavailability" and under high availability give "config-sync".Then give wr m to save. 5.Then go to session 16 and give the same set of commands as mentioned in point no. 4. 6.After giving the above set of commands you can not make any changes in session 16 from session 16 prompt.Whatever you change in session 15 it will replicate the same thing in session 16. 7.Go to switch mode and give reset 1(primary supervisor engine).Then module 2 will automatically take over as primary.If module 1 comes up,it will remain secondary till module 2 fails.Please remember module 1 corresponds to session 15 and module 2 to session 16.
TESTBED DIAGRAM REDUNDANCY IN CORE SWITCH

Supervisor Engine- 2
10.161.1.2
Supervisor Engine- 1
10.162.1.1
Vlan 721
10.161.1.2
Vlan 722
10.162.1.2
Vlan 712 10. 211.1.1
Distribution 2
Core Switch
Distribution 1
Switchover from one to another Supervisor engine takes only 2 min 45 seconds
Access Ping 10.161.1.2 -t
Page 104
15/12/2002
# QoS Implementation.
G AT E W AY R O UTE R
E1 61. 11. 237. 1/ 25
S 0 - 2 03. 192 . 34 . 22 6 / 3 0
E 0 - 61. 11. 237. 254 / 30
M O DE M D VB RE CE IVE R
61. 11. 237. 3 / 25
E1 - 61. 11. 237. 253 / 30
F IR EW ALL
10. 250. 1. 4 / 24 10. 250. 1. 2 / 24
Firew all Vlan

C OR E
10. 200. 10. 1 D ISTR IB UTION 1 10. 101. 0. 0 10. 200. 10. 2 D ISTR IB UTION 1 10. 1. 0. 0
C OR E
D IST 2
D IST n 10. 115. 0. 0
Policies are applied

D IST n 10.50.0.0
HAL L N E TW OR K 10. 9 6. 0 . 0 / 255 . 22 4. 0 . 0
10. 0. 0 . 0 / 10 AC AD E M IC NE TW OR K
L in k U t iliz a t io n R e p o rt w h e n th e re is n o P o lic y
Page 105
15/12/2002
PO L IC Y IM PL EM EN TATIO N
Traffic policy im plem ented f or all traffic com ing to the 1/1 p ort of th e core sw itch w hich is conn ected to f irew all V LA N #qos set qo s e nable set qo s policer a ggregate qo s_te st rate 2000 burst 2000 drop set qo s acl ip tcp_co nt d scp 0 aggregate qo s_te st tcp any a ny co mmit qo s acl all set port qos 1/1 vla n-ba sed set qo s acl map tcp_co nt 650
Link Utilization Report when Policy is applied
Page 106
15/12/2002
Sha p ing is no t P o s s ib le w it h C a t O S
Student Internet Access Control Using The Time Range

access-list 10 permit 10.51.1.100 access-list 10 permit 10.51.1.101 access-list 160 permit ip 10.107.15.0 0.0.0.255 any access-list 160 permit ip 10.107.10.0 0.0.0.255 any access-list 160 permit ip 144.16.0.0 0.0.255.255 any access-list 160 permit ip 10.0.0.0 0.63.255.255 any access-list 160 permit ip 10.128.0.0 0.127.255.255 any access-list 160 permit ip 10.96.0.0 0.31.255.255 any time-range halltime access-list 160 permit ip 61.11.251.0 0.0.0.255 any access-list 160 permit ip 203.192.37.0 0.0.0.255 any time-range halltime periodic weekdays 17:00 to 23:59 periodic weekdays 0:00 to 8:00 periodic weekend 0:00 to 23:59
Page 107
15/12/2002
APPLICATION WISE BANDWIDTH DISTRIBUTION
Page 108
15/12/2002
# Cache-Engine Implementation.
C o nte nt E n gine V la n C o n f Int V la n 6 4 1 Ip : 1 0.1 29. 50. 2 Ip r o ut e - ca c h e sa m e eeint erfa c e
I nternet
F IREW ALL IR EW
F irew a ll V la n
FIR E W AL L V L AN CONF Int V la n 6 5 0 IP : 1 0.2 5 0.1.4 Ip w cc p w eb ebo ut ca c h e r e d ir ect
S E R V E RFA R M VE R FA CDM
C a ch e E ng in e C o n fig
F O UN D AT IO N C ORE
H all D ist
D ifferen t H alls H all Ac c es s C E - 507
W ccp ro uter - lis t 1 1 0.1 2 9.5 0.2 W ccp w e b - ca c h e ro ut er - list - nu m 1 ber- listW ccp ve rsio n 2
Content Delivery M anager

The Cisco CD M is the policy m an age r of t he learning net w ork. It enables net w ork adm inistrators to configure b and w idth an d distrib ution settin gs such that conte nt w ill not interfere w it h othe r netw ork traffic.
Through a g rap hical W eb-brow ser-bas ed us er, the netw ork adm inist rator can enab le content provide rs across the com pa ny to im port and distribute rich lea rnin g or com m unications using the netw o rk setting s he ld by the CDM .
The CDM en able s the adm inistrator to m o nitor the health of the e ntire delivery netw ork, includ ing all th e Cisco Cont ent Eng ine s located at end user sites.
Page 109
15/12/2002
CISCO Content E ngine CIS CO Engine

The Cisco Content Engines st ream live or on-dem an d content to the learn er's d esktop. T he learner sim ply logs on to a W eb pag e or application s uch as a Learning M ana gem ent Syst em or Virtua l Collaboration syst em an d acces ses all th e h igh-band w idth m edia ove r the local-a rea netw o rk.
Cisco CEs w ork in conjunction with t he ex isting n etw ork infrast ructure to localize traffic, rather tha n pull rich files over t he W AN . By stream ing rich m edia locally, enterprises can no w delive r hig herbandw idth a nd su bseq uently high er-im pact inform ation to th e le arn er. Content eng ine s can also b e used to cache static or stream ing W e b content from sites such as Ya hoo.co m or CN N .com for better n etwork perform a nce, and eve n to block or filte r nonprod uctive, nonbusines s W eb sites fo r im proved p roductivity.
PERFORM ANCE CONSIDERATION OF H TTP CACH ING
Transactions per Seconds Concurrent Connections D isk Space
Page 110
15/12/2002
TRANSACTIONS PER SECONDS

It is referred to as requests/sec or URLs/sec. It is a m easure of the num ber of new HTTP Transactions per second that a cache is capab le of dealing with in a second. TPS is som etim e s m easured in term s of HTTP requests p er second or in term s of m eg abits per second. Mbit/sec = TPS * Average HTTP object size(bytes) * bits in a byt e(8) ---------------------------------------------------------------- ---bits in a m egabit(1,000,00 0) egabit(1,000,000) Suppose tod ay on the internet w e observe an average object size o n the internet of aro und 8.5 kbytes. If som e overhead is included for IP packetization(IP headers), TCP fram ing(TCP headers) along with the the HTTP headers associated w ith a request, we end up with an av erag e around 10 kbytes, so we end up with every m egabit of HTTP traffic is traffic approxim ately eq ual to 10 TPS of sustained HTTP traffic. 10
CONCURRENT CONNECTIONS
The total number of Concurrent connections is the total no of HT TP flows the CE can service at any single point in time. That is, how long it how takes to do wnload the average HTTP object. Max concurrent connections Req = TPS * Avg HTTP flow hold time(s ec) As an example, if the average http flow hold time is 3 seconds(typically seconds(typically what w e observe on the internet today), and we are servicing 150 TPS, we end up with the CE servicing an average total of 450 concurrent concurrent connections at any point in time. Max concurrent connections req = 150(TPS) * 3(sec/request) = 450 concurrent connection Generally speaking the maximum number of concurrent connections that a CE supports is significantly higher than required.
Page 111
15/12/2002
DISK SPACE
In order to allo w a CE to function that is, cache content objects need to spend some period of time in the CE. The minimum cache storag e time should be around 24 hours, preferably up to 72 hours, to maximize maximize cache savings. Cache Storag e required for 24 Hours = Storage Avg TPS * Avg Object size(bytes) * seconds in 24 hours * (1 -anticip ated byte hit rate) ---------------------------------------------------------------- -------------------Bytes in a gigabytes W orking in the assumption that we are going to see a daily average of average 100 TPS (~10 mbit/sec)an average HTTP object size of 9.5 kbytes and an anticipated cache hit ratio of 35% , we end up with Cache Storag e req for 24 hours = 100*9500*86400*(1-0.35) Storage 100*9500*86400*(1--------------------------------1, 000, 000, 000 = 53. 352 gigabytes So the min number of CE req for 24 hours caching = 7 (Hard disk capacity of each CE is 8 G B).
Content Engine Home Page
Page 112
15/12/2002
Savings Statistics
Savings Statistics
Performance Statistics
Savings Statistics
Page 113
15/12/2002
DISK SPACE CONSUMED

In our case Avg TPS = 7*6 = 42 avg object size = 6046.7 bytes.
Cach e Storage required for 24 Hours =

42* 6046.7 * 86400* 0.65 --------------------------------------1, 000, 000, 000
Savings Statistics = 14.26 gigabytes Savings Statistics
Performance Statistics Requests/Second
Savings Statistics Savings Statistics

Performance Statistics Requests/Second
Content Engine As a Proxy Server

C on tent Engin e As a Pro xy Server ten t Proxy
U R L Filtering U sing W EB SEN SE

Page 117
15/12/2002

Caching Benefits
Optimizing the Storage Lower Response Time Increased Availability
Savings Statistics WAN Bandwidth Saving Savings Statistics
Page 119
15/12/2002
19. Network Components installed across the Network (A) ACADEMIC AREA: Sl. No 1 2 3 4 5 6
7 8 9 10 11
Equipment Name
Cisco Catalyst 6506 Switch Cisco CDM 4650 Cisco IPTV Cisco Catalyst 6006 Switch Cisco 4006 Switch Cisco 2949 GL3 Switch Cisco 3524 XL-EN Switch Cisco 3524 PWR-XL Switch Cisco 2924 MXL Switch Cisco 2924 XL-EN Switch Cisco 1924 Switch
Description
Server Farm Switch Content Distribution Manager IPTV Servers Distribution Switch L2 Supervisor Engine L3 Switch installed at major depts. L2 Switch with L3 Functionality Above with IP telephony feature L2 Switch with Fiber Port L2 Switch with L3 Functionality w/o Fiber Port Access Switch
Quantity
1 1 3 2 3 10 27 10 30 30 80
(B) HOSTEL/FOUNDATION AREA: Sl. No 1 2 3 4 Equipment Name

Cisco Catalyst 6509 Switch Cisco CE-507 AV-CDN Cisco 3524 PWR-XL Switch Cisco 3512 PWR-XL Switch
Description
Hostel Distribution Switch Content Engine Access Switch Access Switch
Quantity
14 14 163 8
(C) CENTRAL NETWORK ROOM: Sl. No 1 2 3 4 5 6 7 8 Equipment Name

Cisco Catalyst 6509 Switch Cisco Catalyst 6506 Switch Cisco 7500 Router Cisco 5509 Switch/Router Cisco PIX 525 Cisco CE - 590 DVB Receiver Radyne Modem (SCPC)
Description
Core Switch Departmental Distribution Switch Thaicom Gateway Router VSNL Router Firewall with failover Cache Engine Thaicom Rx Path Thaicom Tx Path
Quantity
3 1 1 1 1 1 1 1
Page 120
15/12/2002
20. Appreciation Letter and Signoff from IIT-Kharagpur.
(A)
Network Signoff from IIT-Academic
Page 121
15/12/2002
(B) Appreciation Letter form IIT-Foundation
Page 122
15/12/2002
Page 123
15/12/2002
21. GLOSSARY
1. Data Sheet Cisco Catalyst 6500 Series

Overview The Cisco Catalyst 6500 Series delivers secure, converged services from the wiring closet to the WAN edge. Providing scalable intelligent multilayer switching performance for both enterprise and service provider networks, the Cisco Catalyst 6500 Series supports 48 to 576 10/100 Ethernet port configurations, delivering 210 million packets-per-second throughput across network cores and multiple gigabit-per-second trunks. Designed to maximize network uptime and investment protection, the Cisco Catalyst 6500 Series supports an unparalleled range of services, including data and voice integration and LAN, WAN, and, metropolitan-area network (MAN) convergence. Operational consistency is achieved by sharing a common set of modules (Cisco Catalyst 6500 Series modules and Cisco 7600 Series WAN port adapters), the Cisco Catalyst Operating System (CatOS), and Cisco IOS Software, including the command-line interface (CLI) and network management tools, across four modular chassis that can be deployed anywhere in the network. By integrating advanced multigigabit Layer 2-7 services such as security and content into a converged network, the Cisco Catalyst 6500 Series optimizes IT infrastructure utilization and maximizes return on investment. Together with the Cisco Catalyst 4500, 3550, and 2950 series switches, Cisco Systems delivers the widest range of intelligent switching solutions, enabling multimedia, mission-critical data and voice applications in both corporate intranets and the Internet end to end (refer to Figure 1). Figure 1: The Cisco Catalyst 6500 Series WS-6503, WS-C6506, WS-C6509, WS-C6509-NEBS, and WS-C6513
The Cisco Catalyst 6500 Series delivers exceptional scalability, price, and performance, supporting a wide range of interface densities, performance, and high-availability options, including: Flexible 3-, 6-, 9-, and 13-slot chassis configurations that allow one platform to be deployed in wiring closet, core, data center, and WAN edge Fast 2-3 second stateful failover of redundant supervisors and integrated services Scalable high-performance switching fabric and forwarding engine architecture currently delivering up to 210 Mpps Interface options from 10 Mbps to 10 Gbps Ethernet and DS0 to OC-48 WAN interfaces as well as integrated services modules Advanced wire-rate quality-of-service (QoS) and access-control-list (ACL) policy management
Page 124
15/12/2002
Building Intelligent Networks Feature-rich CatOS and Cisco IOS Software choices supported on all supervisor forwarding engines Common CLI with Cisco Catalyst 5000/5500 Series for operational consistency and easy migration Industry's highest-performance Layer 4-7 content switching capabilities, including integrated server load balancing with 200,000 concurrent connections per second Integrated multigigabit network security (firewall, intrusion detection, Secure Sockets Layer [SSL], and virtual private network [VPN]) and network analysis modules (NAMs) User-upgradable IP telephony support for up to 576 ports with high-density public switched telephone network (PSTN) or private branch exchange (PBX) gateway (8 T1 or E1s per module) and traditional phone or fax support (24 foreign exchange station [FXS] ports per module) for maximum investment protection As a key component of Cisco AVVID (Architecture for Voice, Video and Integrated Data), the Cisco Catalyst 6500 Series provides unprecedented business agility by enabling the enterprise to rapidly deploy new Internet business applications in order to boost revenue and reduce operational costs. Network policy can be applied end to end based on Layer 2, 3, and 4 information such as specific users, IP addresses, or applications. Coupled with application intelligence, QoS mechanisms, and security, customers can more effectively use their network for increased client services such as multicast and workforce optimization, e-commerce, e-learning, as well as more cost-effective corporate communication and supply-chain management applications without sacrificing network performance. The Cisco Catalyst 6500 Series provides a powerful e-commerce solution by combining these capabilities with the integrated multigigabit SSL services module and the industry's highestperformance content switching module. Secure Hypertext Transfer Protocol (HTTPS) content requests are secured by offloading the SSL processing from Web servers to the Cisco Catalyst 6500 Series SSL service module and load balanced across multiple servers via the content switching module, allowing the servers to handle peak traffic demands without degrading the user experience. Table 1 lists the features of the Cisco Catalyst 6500 Series.
2. Data Sheet Catalyst 6000 Family Gigabit Ethernet Modules

Overview The Catalyst 6500 and 6000 Series meet the demands of today's most demanding and fastgrowing enterprise and service-provider networks with high-performance gigabit ethernet switching modules. Available in 8- or 16-port versions, the Catalyst 6500 Series and 6000 Series Gigabit Ethernet switching modules are ideal for deployment in gigabit backbone and server-farm configurations or for aggregation of high-density 10/100-megabits per second (mbps) wiring closets. Up to eight gigabit ethernet modules can be added to a single nine-slot catalyst 6000 family, for a maximum of 130 gigabit ports per platform. Product Description Gigabit Ethernet Modules for the Catalyst 6000 Family The Catalyst 6000 family, consisting of the Catalyst 6000 series and 6500 series, delivers a scalable, industry-leading Gigabit Ethernet solution for today's growing enterprise and service-provider networks. The Catalyst 6000 series delivers 32 Gigabits per second (Gbps) of backplane bandwidth, while the Catalyst 6500 series is scalable to 256 Gbps. The Catalyst 6000 family 8- and 16-port Gigabit Ethernet modules are IEEE standards compliant and support full-duplex operation. The
Page 125
15/12/2002
Building Intelligent Networks Catalyst 6000 family provides industry leading port density of up to 194 Gigabit ports in a 13-slot chassis, The 8-port modules (WS-X6408-GBIC, WS-X6408A-GBIC) can be configured with shortwave (SX), longwave/long-haul (LX/LH), and extended-range (ZX) gigabit interface converters (GBICs). All Gigabit Ethernet ports on these modules have SC-type connectors for multimode fiber (MMF) or single-mode fiber (SMF). Designed for a wide range of Gigabit Ethernet applications, the 16-port Gigabit Ethernet modules are available in a variety of interfaces: small form factor MT-RJ connectors, SX, LX/LH, and ZX GBICs, and RJ-45 connectors for Category 5 copper cabling. Figure 1: 16-Port 10/100/1000 BASE-T Module (WS-X6516-GE-TX)
Figure 2: 16-Port GBIC-based Gigabit Ethernet Module (WS-X6416-GBIC)
Figure 3: 16-Port RJ-45 Gigabit Ethernet Module (WS-X6316-GE-TX)
Figure 4: 16-Port MT-RJ Gigabit Ethernet Module (WS-X6416-GE-MT)
Switch Fabric-Enabled Modules for the Catalyst 6500 Series The Catalyst 6500 series is scalable to 256 Gbps of switching bandwidth using a cross-bar switching fabric architecture. New fabric-enabled Gigabit Ethernet modules support the 256-Gbps platform, delivering a new level of system performance for gigabit switching. Up to 176 fabric-enabled Gigabit Ethernet ports can be supported in a single 13-slot chassis. Designed to meet the growing demand of gigabit switching applications in both the enterprise and service-provider networks, a wide range of 16-port fabric-enabled Gigabit Ethernet modules are available for the Catalyst 6500 series 256-Gbps platform. These fabric-enabled gigabit modules come with either a single or dual interfaces to the switching fabric with centralized or distributed
Page 126
15/12/2002
Building Intelligent Networks forwarding capabilities, providing excellent scalability and performance. These fabric-enabled gigabit modules all support the GBIC interfaces (SX, LX/LH, and ZX), or Category 5 RJ-45 copper interfaces providing further flexibility in system design. The Catalyst 6500 series 256-Gbps platform supports hardware-based Cisco Express Forwarding (CEF), as well as distributed CEF for maximum control-plane and forwarding performance. This is ideally suited for gigabit switching applications such as e-commerce, Web hosting, and content delivery in enterprise and service-provider networks. All fabric-enabled Gigabit Ethernet modules can support distributed forwarding. For those modules utilizing centralized forwarding, the distributedforwarding capabilities can be added later via a daughter-card field upgrade, providing maximum system flexibility and scalability. Figure 5: 16-port Fabric-Enabled GBIC-based Gigabit Ethernet Module, Single Fabric Interface (WS-X6516-GBIC)
Figure 6: Distributed Forwarding Daughter Card (WS-F6K-DFC)
Figure 7: 16-port Fabric-Enabled GBIC-based Gigabit Ethernet Module with Distributed Forwarding Dual Fabric Interfaces (WS-X6816-GBIC
Page 127
15/12/2002
3. Data Sheet Switch Fabric Module

Overview The Cisco Catalyst 6500 Series switch fabric modules, including the new Switch Fabric Module 2 (WS-X6500-SFM2) and the Switch Fabric Module (WS-C6500-SFM), in combination with the Supervisor Engine 2, deliver an increase in available system bandwidth from the existing 32Gbps to 256 Gbps. This significant increase in available bandwidth ensures that the Cisco Catalyst 6500 Series continues to deliver not only best-in-class bandwidth, but also the performance and advanced services required for today's most advanced networks. Both the Switch Fabric Module 2 and the Switch Fabric Module provide frameworks for delivering high-bandwidth architecture. These switch fabric modules are key enablers for the optional distributed forwarding architecture that facilitates convergence of high traffic volumes at different parts of the network. The Switch Fabric Module 2 and the Switch Fabric Module enable a new architecture that allows 30 Mpps of Cisco Express Forwarding (CEF)-based central forwarding performance on Supervisor Engine 2 and up to 210 Mpps of distributed forwarding performance. The higher bandwidth and performance enabled by the switch fabric modules, coupled with advanced services such as quality of service (QoS) and security in hardware via access control lists (ACLs), make the Cisco Catalyst 6500 Series the premier platform for service providers and enterprises (see Figure 1 and Figure 2.). Figure 1: Switch Fabric Module2
Figure 2: Switch Fabric Module1
Key Features and Benefits Computer networks have evolved into mission-critical resources that span a wide variety of industries and geographic distances. Networks are now a tool for supporting critical applications such as supply chain management, training, HR activities, and e-commerce. These usage trends have led to the evolution of networks to span greater distances-to interconnect functions within the same organization, partners, and customers. As distance requirements have grown, the Catalyst 6500 Series continues to increase its value by providing support for advanced network services and localarea network (LAN), metropolitan-area network (MAN), and wide-area network (WAN) interfaces in a variety of configurations.
Page 128
15/12/2002
Building Intelligent Networks As networks continue to provision higher bandwidth applications, the Catalyst 6500 Series maximizes scalability by enabling enhanced services without compromising performance. The switch fabric modules utilize a crossbar architecture to deliver 256-Gbps total capacity with a high-speed point-topoint connection to each line card. This provides a mechanism to forward packets between all pointto-point connections between the slots simultaneously. Many ports can thus be simultaneously transmitting and receiving data providing much higher aggregate throughput (see Figure 3). Figure 3: Connection between Crossbar Fabrics and Linecards in a Redundant Configuration
The new Switch Fabric Module 2 (WS-X6500-SFM2) is supported in all Catalyst 6500 Series products, while the Switch Fabric Module (WS-C6500-SFM) is supported in the Catalyst 6506 and Catalyst 6509. The new Switch Fabric Module 2 can be used in slots 7 or 8 in the Catalyst 6513. The new Switch Fabric Module 2 and the Switch Fabric Module can be used in either slot 5 or 6 in the Catalyst 6506 and Catalyst 6509. High Availability Two switch fabric modules can be configured in a system for high availability. When installed in a redundant configuration, failover time between fabrics is a few seconds and the full system bandwidth of 256 Gbps remains available even following the failure of the active switch fabric module. This minimizes the impact of outages to preserve high availability of mission-critical applications in different network environments. In a single switch fabric module configuration with modules supporting both bus and fabric interfaces, the system can fail over to the 32-Gbps backplane bus if the switch fabric module fails, providing a highly available platform to host missioncritical applications. Scalable Performance When populated with a switch fabric module, a Supervisor Engine 2 with Multilayer Switch Feature Card (MSFC) 2, and fabric-enabled line cards, a Catalyst 6500 chassis can perform centralized Layer 2 and Layer 3 switching at 30 Mpps. When equipped with a Distributed Forwarding Card (DFC), each fabric-enabled card can perform localized switching and increases total system performance up to 210 Mpps. This allows the Catalyst 6500 Series to significantly scale performance while continuing to enable a host of advanced network services. This industry-leading performance, combined with the host of advanced network services and wide array of interfaces to support LAN/MAN/WAN connectivity, enables the Catalyst 6500 Series to deliver premier end-to-end solutions for large-scale enterprise and service provider applications.(Traffic Flow between Two Fabric-Enabled Cards Intelligent Services Growing emphasis and reliance by enterprises upon high-bandwidth applications such as streaming data, audio and video has led to an increase in multicast traffic. As high-bandwidth access to homes becomes universal, there will also be an increasing demand for video streaming applications hosted by service providers. This makes it imperative that networking equipment for both service providers and enterprises incorporates features to forward multicast traffic at wire rate. The switch fabric modules incorporate built-in capabilities to handle multicast in an optimal fashion. The switch fabric modules use highly efficient packet forwarding for unicast, broadcast, and multicast traffic. The switch fabric modules use a 3X overspeed architecture to handle multidestination traffic. This architecture, coupled with multicast replication performed in hardware on the Supervisor Engine and distributed switching line cards, allows service providers and
Page 129
15/12/2002
Building Intelligent Networks enterprises to deploy high-bandwidth interactive and broadcast video applications without any performance penalty. Flexible Migration Options Investment Protection The switch fabric modules offer full investment protection to existing customers by providing a migration path that allows a gradual transition to the new architecture. All existing line cards can be inserted in the same chassis as the switch fabric module, allowing customers to gain increased benefits of the new architecture while using existing cards. This compatibility enables customers to continue to use the diverse interface types offered in the current solution and begin to deploy the new fabric-enabled cards for performance enhancement through distributed forwarding and increased bandwidth. Low Cost of Ownership The switch fabric modules facilitate a scalable, high performance, and intelligent network architecture that allows line cards to be intermixed in Catalyst 6500 Series systems to provide maximum investment protection while reducing the total cost of ownership to the customer.
4. Data Sheet Distributed Forwarding Card for the Catalyst 6500

The distributed forwarding card (DFC) for the Catalyst 6500 series delivers high-speed distributed services and forwarding for deployment in data-center backbones and server-farm aggregation. The DFC complements the centralized forwarding of the Catalyst 6500 Supervisor Engine 2 by distributing the centralized forwarding intelligence down to each DFC-enabled line-card module. This provides localized forwarding and service decisions on each line card and accelerates the forwarding performance of the Catalyst 6500 series to 100+ Mpps. (See Figure 1.) Figure 1: Distributed Forwarding Card (Cisco WSFSK-DFC Daughter Card 32284-12)
Key Benefits Scalable Performance for Service Providers and Enterprises The DFC works in conjunction with the Switch Fabric Module, Supervisor Engine 2 with Multilayer Switch Feature Card (MSFC) 2, and fabric-enabled cards (cards with a connection to the Switch Fabric Module) to provide a framework for distributed Cisco Express Forwarding (CEF)-based
Page 130
15/12/2002
Building Intelligent Networks forwarding architecture. It is required to run supervisor IOS to support distributed forwarding as it is not supported via Catalyst OS. While classic line cards cannot directly participate in distributed forwarding, CEF capabilities can still be utilized based on the centralized capabilities offered by Supervisor Engine 2. Although CEF is a Layer 3 forwarding mechanism, the Catalyst 6500 series solution also uses a similar centralized and distributed mechanism for Layer 2 forwarding. This card is available as a field-upgradable option on most of the new fabric-enabled line cards if one is not already installed. Please refer to the Data Sheet for Gigabit Ethernet Cards on the Catalyst 6000 page: http://www.cisco.com/go/6000. CEF is a scalable, distributed, Layer 3 mechanism that allows the Catalyst 6000 family to meet the dynamic requirements of service-provider and enterprise networks. This technology first evolved to accommodate a large number of short-duration flows resulting from Web-based and interactive applications. Service providers and large enterprises tend to have a large number of flows due to Web-hosting and e-commerce applications, and they are the biggest beneficiaries of this technology. In a traditional flow-based system, a cache is created using the routing table when the first packet of the flow arrives. All subsequent packets in the flow use the cached entry. This is an efficient mechanism when network conditions are relatively static, and when many different flows are destined for the same destination. The cached entries are kept current as they are aged out or when network topology changes occur. Scalable Control-Plane Performance In a dynamically changing environment, as is prevalent on the Internet, a CEF or Forwarding Information Base (FIB)-based mechanism is best used to avoid a continuous cache churn. The FIB table essentially mirrors the routing table and eliminates the need to maintain a cache table except for accounting purposes. This mechanism is also inherently less CPU intensive than a cache-based mechanism. In a distributed CEF (dCEF) environment, as implemented in Catalyst 6000 family, a copy of the FIB is downloaded to each card, thereby allowing the switching performance of the switch to scale to over 100 Mpps. Pushing forwarding decisions to each line card also relieves the MSFC2 of any switching decisions, leaving the CPU free to perform routing functions, management, network services, and so on. The DFC replicates Layer 2 and 3 forwarding logic in hardware as well as a bus on each line card; it is capable of a minimum of 15 Mpps of local switching. On a line card with a single serial connection to the fabric, packets switched between two ports will be directly forwarded via the local forwarding logic. On a line card with dual channel connections to the fabric, traffic between two ports would either be locally switched or transmitted across the fabric using local forwarding logic but it will never have to be centrally switched via the supervisor. Line cards that are DFC enabled are capable of making forwarding decisions locally. This enables traffic flows to occur in parallel between line cards, without being limited by centralized forwarding scalability. If there is a mixture of classic and new fabric-enabled line cards in the system, the frame will be switched centrally by the supervisor if there is a flow between classic and fabric-enabled cards. But, if the flow is between two fabricenabled cards with distributed forwarding, even when there is a classic card in the chassis, the packet will be directly switched between cards without going through the supervisor. This card is an essential component in enhancing scalability of the Catalyst 6000 family because, with each individual card performing local switching, the total forwarding performance of the switch reaches 100 Mpps. Distributed Intelligent Network Services The central FIB is downloaded to each line card equipped with a DFC, allowing switching decisions to be fully distributed (See Figure 2). The DFC maintains the most recent FIB and adjacency tables for Layer 2 and 3 forwarding. In a dynamic routing environment, like a service-provider backbone, the routing changes are automatically downloaded to each card, thereby providing accurate routing. It also contains the logic to perform enhanced security services in hardware, so there is no performance penalty for using features such as policy-based routing (PBR), extended and reflexive access control lists (ACLs), unicast Reverse Path Forwarding (RPF), and transmission control protocol
Page 131
15/12/2002
Building Intelligent Networks (TCP) intercept. This is especially useful in e-commerce and Web-hosting applications where security and protection of servers and Web content is a key concern. Figure 2: Local Forwarding via Distributed Forwarding Card
An MSFC2 is essential for creating the central FIB and hence must be configured in the chassis to enable CEF as well as distributed forwarding.Because a replica of the central FIB must be downloaded onto the line card, it offers the same DRAM options as the MSFC2. The DFC ships with 128 MB of DRAM and offers 256- and 512-MB upgrade options. The DRAM option required on DFC will be dependent upon the route table size amount of DRAM on the MSFC2 to ensure that the local line card is able to store the entire FIB located on Supervisor Engine 2. A failure to synchronize all FIBs would lead to conflicting forwarding information and may lead to problems. The memory requirements for the FIB are listed in table below: Table 1 Memory Requirements Product Route Table Size FLM1 50K VLSM2: 32 K 128MB Route Table SizeFLM: 150 KVLSM: 64K Route Table SizeFLM: 250KVLSM: 150K
Supervisor Engine 2
256MB
512MB
MSFC2
128MB
256MB
512MB
DFC
128MB
128MB
256MB
Even though this distributed FIB mechanism does not require a cache to forward packets, a NetFlow table is still created and maintained for accounting purposes. Each line card will have a NetFlow table that can be exported as flows are aged out. Service-provider networks often utilize the NetFlow Data Export mechanism to keep track of the customer packet flows for billing and accounting purposes. In addition to providing performance scalability, DFC also helps scale control-plane
Page 132
15/12/2002
Building Intelligent Networks performance because, instead of cache maintenance, CPU cycles can now be used for routing and enhanced services, intelligent services like IOS-Server Load balancing (IOS-SLB) and management. Investment Protection The DFC also provides full investment protection by giving customers the option to install this feature card as a field-replaceable unit in most cases. This also offers modularity in price because customers do not need to upgrade if the functionality is not required. The Catalyst 6500 series continues to offer full support for not only the new fabric-enabled line cards, but also the classic line cards, and line cards equipped with the DFC. These line cards may be intermixed within a single chassis to provide maximum flexibility and investment protection. Line-Card Support Line cards currently supporting distributed forwarding via this card are listed below: Table 2 Distributed Forwarding Capable Line Cards Switch Fabric Enabled WSX6516GBIC Yes Switch Fabric Interface Distributed Forwarding Local Switching Performance
Single serial channel to the switch fabric
Yes, with DFC as an orderable option
15 Mpps
WSX6816GBIC
Yes
Dual Serial Channel to the switch fabric
Yes
24 Mpps
Software Requirements A DFC is only supported in the Supervisor IOS mode and is not supported in Catalyst OS. To enable distributed forwarded an MSFC2 and Supervisor IOS are both required. The software version required to support distributed forwarding is listed below: Supervisor IOS Version 12.1(5) E
5. Data Sheet Catalyst 6000 Intrusion Detection System Module

Internet and E-businesses are forcing organizations into an era of open and trusted communications. This openness at the same time, brings its share of vulnerabilities and problems, pushing both enterprises and service providers to take steps to guard their valuable data from intruders, hackers, and insiders. At the same time, demand for higher network performance is driving the migration of traditionally shared networks to switched networks. As we start deploying more and more content aware services in the switched infrastructure, the need for security and intrusion detection is greater than ever to ensure reliability for Internet commerce and Web applications. With most of the Intrusion Detection System (IDS) products on the market today, devices must be placed on the Switched Port Analyzer (SPAN) port to monitor network traffic. Although the SPAN port can provide access to network traffic, it does have certain limitations (for example, limited number of SPAN sessions, trunked traffic). The Catalyst 6000 IDS module is designed specifically to address
Page 133
15/12/2002
Building Intelligent Networks switched environments by integrating the IDS functionality directly into the switch and taking traffic right off the switch backplane, thus bringing both switching and security functionality into the same chassis. Figure 1: Catalyst 6000 Intrusion Detection System Module
Organizations continue to deploy firewalls as their central gatekeepers to prevent unauthorized users from entering their networks. However, network security is in many ways similar to physical security in that no one technology serves all needsrather, a layered defense provides the best results. Organizations are increasingly looking to additional security technologies to counter risk and vulnerability that firewalls alone cannot address. Intrusion detection systems provide around-theclock network surveillance. They analyze the packet data streams within the network, searching for unauthorized activity, such as attacks by hackers, enabling users to respond immediately to security breaches. Using a physical analogy, IDS systems are equivalent to video cameras and motion sensors; they detect unauthorized or suspicious activity. Cisco Systems, the worldwide leader in networking for the Internet, addresses the need for intrusion detection in switched local-area network (LANs) with an integrated solution with the IDS module, in addition to the complete family of Cisco Secure IDS appliance sensors, for its award-winning, highperformance Catalyst 6000 switch series. The IDS module allows security and network administrators to monitor network traffic right off the switch backplane rather than using external IDS sensors connected to a switch SPAN port. This allows more granular access to the network traffic and overcomes some of the limitations that external IDS sensors connected to SPAN ports have. Similar to how the Cisco Secure IDS appliance sensors operate, the IDS module detects unauthorized activity traversing the network, such as attacks by hackers, and will send alarms to a management console with details of the detected event. The security or network administrator specifies the network traffic that must be inspected by the IDS module using the Catalyst OS virtual LAN (VLAN) access control list (ACL) capture feature or SPAN functionality, allowing for very granular traffic monitoring. In addition, the IDS module can be managed and monitored by the same management console as the Cisco Secure IDS sensors, allowing customers to deploy both appliance sensors and the IDS module to monitor critical subnets throughout their enterprise network. Application Intrusion Detection has become the fundamental enabling requirement for the successful content networking and web hosting architecture. The IDS module is designed specifically to provide security and network administrators the flexibility to monitor traffic flowing through their Catalyst 6000 family switches throughout the network. The IDS module can help identify the denial of service attacks including the distributed denial of service attacks (DDos).
Page 134
15/12/2002
Building Intelligent Networks Figure 2: Catalyst 6500 W/IDS Module
With the widest range of attack recognition, IDS module provides best of the breed real time intrusion detection solution available in the industry today. Because of the type and volume of traffic at the network core, the IDS module is most effective in the distribution and access layers of the network. Key Features and Benefits The IDS module can be deployed in any Catalyst 6000 family chassis; it offers the following benefits: Part of a Cisco end-to-end solutionThe IDS module is a necessary component to an effective, defense-in-depth security strategy to complement other deployed security mechanisms (for example, firewalls, encryption, and authentication). Integrated solutionThis IDS module is completely integrated within the Catalyst 6000, occupying a single slot. This is particularly suited for deployments where rack space is at a premium. The IDS is also fully integrated into the Cisco Secure IDS management infrastructure for operational consistency and support. Transparent operationThe IDS module does not impact switch performance. It is a passive monitoring module that inspects copies of packets and is not in the switch-forwarding path. Investment protectionWith the addition of the IDS module card to its portfolio, Cisco continues to demonstrate investment protection in its switched infrastructure. The IDS module enables customers to perform both security monitoring and switching functions within the same chassis. Real-time intrusion detectionThe IDS module provides real-time, around-the-clock network surveillance. Designed to address the increased requirements for security visibility, denial-ofservice protection, antihacking detection, and e-commerce business defenses, the IDS module monitors network traffic off the switch backplane and alarms on malicious or unauthorized activity. Comprehensive attack recognition/signature coverage The IDS module detects a wide range of attacks, and the signature engine on the IDS module can be easily updated with new "hacker signatures" without any impact on the switch. The IDS module engine also includes sophisticated IP fragmentation reassembly intelligence.
Page 135
15/12/2002
Building Intelligent Networks Ability to monitor multiple VLANs simultaneouslyThe IDS module can monitor traffic on multiple VLANs simultaneously (both ISL and 802.1q encoded) using either the VLAN ACL capture feature or SPAN functionality. The capability overcomes some of the traditional limitations of operating IDSs in switched environments. Low cost of ownershipThe IDS module is simple to install, configure, and maintain. Because it is completely interoperable with other Cisco Secure IDS devices and management consoles, the IDS module is simply an extension of the classic switching environment and security operations framework. Performance Summary Monitor 100 Mbps of traffic Approximately 47,000 packets per second, with a new flow arrival rate of 1000 per second Catalyst Switch Platform Requirements Requires Catalyst Operating System Version 6.1(1) or higher (not supported in native Cisco IOS software) Policy feature card (PFC) required for VLAN ACL "capture" functionality Compatible with both Supervisor 1A and Supervisor 2 engines Not compatible with the crossbar switch fabric Compatible with both multilayer switch feature card (MSFC) and MSFC2, but not required IDS Management Platforms (Required) Cisco Secure Policy Manager (CSPM) v2.2 and higher, or Cisco Secure Intrusion Detection Director
6. Configuring Catalyst 6509 Switch as DHCP Server

Configuring DHCP This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP). For a complete description of the DHCP commands listed in this chapter, refer to the "DHCP Commands" chapter of the Cisco IOS IP and IP Routing Command Reference publication. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online. As explained in RFC 2131, Dynamic Host Configuration Protocol, DHCP provides configuration parameters to Internet hosts. DHCP consists of two components: a protocol for delivering hostspecific configuration parameters from a DHCP server to a host and a mechanism for allocating network addresses to hosts. DHCP is built on a client/server model, where designated DHCP server hosts allocate network addresses and deliver configuration parameters to dynamically configured hosts. DHCP supports three mechanisms for IP address allocation:
Page 136
15/12/2002
Building Intelligent Networks Automatic allocationDHCP assigns a permanent IP address to a client. Dynamic allocationDHCP assigns an IP address to a client for a limited period of time (or until the client explicitly relinquishes the address). Manual allocationThe network administrator assigns an IP address to a client and DHCP is used simply to convey the assigned address to the client. The format of DHCP messages is based on the format of Bootstrap Protocol (BOOTP) messages, which ensures support for BOOTP relay agent functionality and interoperability between BOOTP clients and DHCP servers. BOOTP relay agents eliminate the need for deploying a DHCP server on each physical network segment. BOOTP is explained in RFC 951, Bootstrap Protocol (BOOTP), and RFC 1542, Clarifications and Extensions for the Bootstrap Protocol. DHCP Server Overview The Cisco IOS DHCP server feature is a full DHCP server implementation that assigns and manages IP addresses from specified address pools within the router to DHCP clients. If the Cisco IOS DHCP server cannot satisfy a DHCP request from its own database, it can forward the request to one or more secondary DHCP servers defined by the network administrator. Figure 14 shows the basic steps that occur when a DHCP client requests an IP address from a DHCP server. The client, Host A, sends a DHCPDISCOVER broadcast message to locate a Cisco IOS DHCP server. A DHCP server offers configuration parameters (such as an IP address, a MAC address, a domain name, and a lease for the IP address) to the client in a DHCPOFFER unicast message. Figure 14: DHCP Request for an IP Address from a DHCP Server
Note A DHCP client may receive offers from multiple DHCP servers and can accept any one of the offers; however, the client usually accepts the first offer it receives. Additionally, the offer from the DHCP server is not a guarantee that the IP address will be allocated to the client; however, the server usually reserves the address until the client has had a chance to formally request the address. The client returns a formal request for the offered IP address to the DHCP server in a DHCPREQUEST broadcast message. The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK unicast message to the client. Note The formal request for the offered IP address (the DHCPREQUEST message) that is sent by the client is broadcast so that all other DHCP servers that received the DHCPDISCOVER broadcast message from the client can reclaim the IP addresses that they offered to the client. If the configuration parameters sent to the client in the DHCPOFFER unicast message by the DHCP server are invalid (a misconfiguration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server. The DHCP server will send to the client a DHCPNAK denial broadcast message, which means the offered configuration parameters have not been assigned, if an error has occurred during the negotiation of the parameters or the client has been slow in responding to the DHCPOFFER message (the DHCP server assigned the parameters to another client) of the DHCP server.
Page 137
15/12/2002
Building Intelligent Networks The Cisco IOS DHCP server feature offers the following benefits: Reduced Internet access costs Using automatic IP address assignment at each remote site substantially reduces Internet access costs. Static IP addresses are considerably more expensive to purchase than are automatically allocated IP addresses. Reduced client configuration tasks and costs Because DHCP is easy to configure, it minimizes operational overhead and costs associated with device configuration tasks and eases deployment by nontechnical users. Centralized management Because the DHCP server maintains configurations for several subnets, an administrator only needs to update a single, central server when configuration parameters change. Before you configure the Cisco IOS DHCP server feature, complete the following tasks: Identify an external File Transport Protocol (FTP), Trivial File Transfer Protocol (TFTP), or remote copy protocol (rcp) server that you will use to store the DHCP bindings database. Identify the IP addresses that you will enable the DHCP server to assign, and the IP addresses that you will exclude. Identify DHCP options for devices where necessary, including: o Default boot image name o Default router(s) o Domain Name System (DNS) server(s) o NetBIOS name server Decide on a NetBIOS node type (b, p, m, or h). Decide on a DNS domain name. DHCP Configuration Task List The DHCP server database is organized as a tree. The root of the tree is the address pool for natural networks, branches are subnetwork address pools, and leaves are manual bindings to clients. Subnetworks inherit network parameters and clients inherit subnetwork parameters. Therefore, common parameters, for example the domain name, should be configured at the highest (network or subnetwork) level of the tree. Note Inherited parameters can be overridden. For example, if a parameter is defined in both the natural network and a subnetwork, the definition of the subnetwork is used. Address leases are not inherited. If a lease is not specified for an IP address, by default, the DHCP server assigns a one-day lease for the address. To configure the Cisco IOS DHCP server feature, first configure a database agent or disable conflict logging, then configure IP addresses that the DHCP server should not assign (excluded addresses)
Page 138
15/12/2002
Building Intelligent Networks and should assign (a pool of available IP addresses) to requesting clients. These configuration tasks are explained in the following sections. Each task in the following list is identified as required or optional. Configuring a DHCP Database Agent or Disabling DHCP Conflict Logging (Required) Excluding IP Addresses (Required) Configuring a DHCP Address Pool (Required) Configuring Manual Bindings (Optional) Configuring a DHCP Server Boot File (Optional) Configuring the Number of Ping Packets (Optional) Configuring the Timeout Value for Ping Packets (Optional) Enabling the Cisco IOS DHCP Server and Relay Agent Features (Optional) Configuring a DHCP Database Agent or Disabling DHCP Conflict Logging A DHCP database agent is any host, for example, an FTP, TFTP, or RCP server that stores the DHCP bindings database. You can configure multiple DHCP database agents and you can configure the interval between database updates and transfers for each agent. To configure a database agent and database agent parameters, use the following command in global configuration mode: Command Router(config)# ip dhcp database url [timeout seconds | write-delay seconds] Purpose Configures the database agent and the interval between database updates and database transfers.
If you choose not to configure a DHCP database agent, disable the recording of DHCP address conflicts on the DHCP server. To disable DHCP address conflict logging, use the following command in global configuration mode: Command Router(config)# no ip dhcp conflict logging Purpose Disables DHCP address conflict logging.
Excluding IP Addresses The DHCP server assumes that all IP addresses in a DHCP address pool subnet are available for assigning to DHCP clients. You must specify the IP address that the DHCP server should not assign to clients. To do so, use the following command in global configuration mode:
Page 139
15/12/2002
Command Router(config)# ip dhcp excludedaddress low-address [highaddress]
Purpose Specifies the IP addresses that the DHCP server should not assign to DHCP clients.
Configuring a DHCP Address Pool You can configure a DHCP address pool with a name that is a symbolic string (such as "engineering") or an integer (such as 0). Configuring a DHCP address pool also places you in DHCP pool configuration modeidentified by the (config-dhcp)# promptfrom which you can configure pool parameters (for example, the IP subnet number and default router list). To configure a DHCP address pool, complete the required tasks in the following sections. Configuring the DHCP Address Pool Name and Entering DHCP Pool Configuration Mode To configure the DHCP address pool name and enter DHCP pool configuration mode, use the following command in global configuration mode:
Command Router(config)# ip dhcp pool name
Purpose Creates a name for the DHCP server address pool and places you in DHCP pool configuration mode (identified by the config-dhcp# prompt).
Configuring the DHCP Address Pool Subnet and Mask To configure a subnet and mask for the newly created DHCP address pool, which contains the range of available IP addresses that the DHCP server may assign to clients, use the following command in DHCP pool configuration mode: Command Router(configdhcp)# network network-number [mask | /prefixlength] Purpose Specifies the subnet network number and mask of the DHCP address pool. The prefix length specifies the number of bits that comprise the address prefix. The prefix is an alternative way of specifying the network mask of the client. The prefix length must be preceded by a forward slash (/).
Page 140
15/12/2002
Note You can not configure manual bindings within the same pool that is configured with the network command. To configure manual bindings, see the "Configuring Manual Bindings" section.
Configuring the Domain Name for the Client The domain name for a DHCP client places the client in the general grouping of networks that make up the domain. To configure a domain name string for the client, use the following command in DHCP pool configuration mode: Command Router(config-dhcp)# domain-name domain Purpose Specifies the domain name for the client.
Configuring the Domain Name System IP Servers for the Client DHCP clients query DNS IP servers when they need to correlate host names to IP addresses. To configure the DNS IP servers that are available to a DHCP client, use the following command in DHCP pool configuration mode: Command Router(configdhcp)# dns-server address [address2 ... address8] Purpose Specifies the IP address of a DNS server that is available to a DHCP client. One IP address is required; however, you can specify up to eight IP addresses in one command line.
Configuring the NetBIOS Windows Internet Naming Service IP Servers for the Client Windows Internet Naming Service (WINS) is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a general grouping of networks. To configure the NetBIOS WINS servers that are available to a Microsoft DHCP client, use the following command in DHCP pool configuration mode: Command Router(configdhcp)# netbios-name-server address [address2 ... address8] Purpose Specifies the NetBIOS WINS server that is available to a Microsoft DHCP client. One address is required; however, you can specify up to eight addresses in one command line.
Page 141
15/12/2002
Configuring the NetBIOS Node Type for the Client The NetBIOS node type for Microsoft DHCP clients can be one of four settings: broadcast, peer-topeer, mixed, or hybrid. To configure the NetBIOS node type for a Microsoft DHCP, use the following command in DHCP pool configuration mode: Command Router(config-dhcp)# netbios-node-type type Purpose Specifies the NetBIOS node type for a Microsoft DHCP client.
Configuring the Default Router for the Client After a DHCP client has booted, the client begins sending packets to its default router. The IP address of the default router should be on the same subnet as the client. To configure a default router for a DHCP client, use the following command in DHCP pool configuration mode: Command Router(config-dhcp)# default-router address [address2 ... address8] Purpose Specifies the IP address of the default router for a DHCP client. One IP address is required, although you can specify up to eight addresses in one command line.
Configuring the Address Lease Time By default, each IP address assigned by a DHCP server comes with a one-day lease, which is the amount of time that the address is valid. To change the lease value for an IP address, use the following command in DHCP pool configuration mode: Command Router(config-dhcp)# lease {days [hours][minutes] | infinite} Purpose Specifies the duration of the lease. The default is a one-day lease.
Page 142
15/12/2002
Building Intelligent Networks Configuring Manual Bindings An address binding is a mapping between the IP address and MAC address of a client. The IP address of a client can be assigned manually by an administrator or assigned automatically from a pool by a DHCP server. Manual bindings are IP addresses that have been manually mapped to the MAC addresses of hosts that are found in the DHCP database. Manual bindings are stored in NVRAM on the DHCP server. Manual bindings are just special address pools. There is no limit on the number of manual bindings but you can only configure one manual binding per host pool. Automatic bindings are IP addresses that have been automatically mapped to the MAC addresses of hosts that are found in the DHCP database. Automatic bindings are stored on a remote host called a database agent. The bindings are saved as text records for easy maintenance. To configure a manual binding, first create a host pool, then specify the IP address of the client and hardware address or client identifier. The hardware address is the MAC address. The client identifier, which is required for Microsoft clients (instead of hardware addresses), is formed by concatenating the media type and the MAC address of the client. Refer to the "Address Resolution Protocol Parameters" section of RFC 1700, Assigned Numbers, for a list of media type codes. To configure manual bindings, use the following commands beginning in global configuration mode: Command Step 1 Router(config)# ip dhcp pool name Purpose Creates a name for the a DHCP server address pool and places you in DHCP pool configuration modeidentified by the (config-dhcp)# prompt.
Step 2
Router(configdhcp)# host address [mask| /prefixlength] Router(configdhcp)# hardwareaddress hardwareaddress type or Router(configdhcp)# client-identifier unique-identifier
Specifies the IP address and subnet mask of the client. The prefix length specifies the number of bits that comprise the address prefix. The prefix is an alternative way of specifying the network mask of the client. The prefix length must be preceded by a forward slash (/). Specifies a hardware address for the client. Specifies the distinct identification of the client in dottedhexadecimal notation, for example, 01b7.0813.8811.66, where 01 represents the Ethernet media type.
Step 3
Step 4
Router(configdhcp)# client-name name
(Optional) Specifies the name of the client using any standard ASCII character. The client name should not include the domain name. For example, the name mars should not be specified as mars.cisco.com.
Page 143
15/12/2002
Configuring a DHCP Server Boot File The boot file is used to store the boot image for the client. The boot image is generally the operating system the client uses to load. To specify a boot file for the DHCP client, use the following command in DHCP pool configuration mode: Command Router(config-dhcp)# bootfile filename Purpose Specifies the name of the file that is used as a boot image.
Configuring the Number of Ping Packets By default, the DHCP server pings a pool address twice before assigning the address to a requesting client. If the ping is unanswered, the DHCP server assumes (with a high probability) that the address is not in use and assigns the address to the requesting client. To change the number of ping packets the DHCP server should send to the pool address before assigning the address, use the following command in global configuration mode: Command Router(config)# ip dhcp ping packets number Purpose Specifies the number of ping packets the DHCP server sends to a pool address before assigning the address to a requesting client. The default is two packets.
Configuring the Timeout Value for Ping Packets By default, the DHCP server waits 500 milliseconds before timing out a ping packet. To change the amount of time the server waits, use the following command in global configuration mode: Command Router(config)# ip dhcp ping timeout milliseconds Purpose Specifies the amount of time the DHCP server must wait before timing out a ping packet. The default 500 milliseconds.
Page 144
15/12/2002
Building Intelligent Networks Enabling the Cisco IOS DHCP Server and Relay Agent Features By default, the Cisco IOS DHCP server and relay agent features are enabled on your router. To reenable these features if they are disabled, use the following command in global configuration mode: Command Router(config)# service dhcp Purpose Enables the CiscoIOS DHCP server and relay features on your router. Use the no form of this command to disable the Cisco IOS DHCP server and relay features.
Monitoring and Maintaining the DHCP Server To clear DHCP server variables, use the following commands in privileged EXEC mode, as needed: Command Router# clear ip dhcp binding address | * Purpose Deletes an automatic address binding from the DHCP database. Specifying
specifying asterisk (*) clears all automatic bindings.
address clears the automatic binding for a specific (client) IP address, whereas
Router# clear ip dhcp conflict address | *
Clears an address conflict from the DHCP database. Specifying address clears the conflict for a specific IP address whereas specifying an asterisk (*) clears conflicts for all addresses.
Router# clear ip dhcp server statistics
Resets all DHCP server counters to 0.
To enable DHCP server debugging, use the following command in privileged EXEC mode: Command Router# debug ip dhcp server {events | packets | linkage} Purpose Enables debugging on the DHCP server.
Page 145
15/12/2002
Building Intelligent Networks To display DHCP server information, use the following commands in EXEC mode, as needed: Command Router> show ip dhcp binding [address] Router> show ip dhcp conflict [address] Router# show ip dhcp database [url] Router> show ip dhcp server statistics Displays count information about server statistics and messages sent and received. Displays recent activity on the DHCP database. Note Use this command in privileged EXEC mode. Displays a list of all address conflicts recorded by a specific DHCP server. Purpose Displays a list of all bindings created on a specific DHCP server.
Configuration Examples This section provides the following configuration examples: DHCP Database Agent Configuration Example DHCP Address Pool Configuration Example Manual Bindings Configuration Example DHCP Database Agent Configuration Example The following example stores bindings on host 172.16.4.253. The file transfer protocol is FTP. The server should wait 2 minutes (120 seconds) before writing database changes. ip dhcp database ftp://user:password@172.16.4.253/router-dhcp write-delay 120 DHCP Address Pool Configuration Example In the following example, three DHCP address pools are created: one in network 172.16.0.0, one in subnetwork 172.16.1.0, and one in subnetwork 172.16.2.0. Attributes from network 172.16.0.0, such as the domain name, DNS server, NetBIOS name server, and NetBIOS node type, are inherited in subnetworks 172.16.1.0 and 172.16.2.0. In each pool, clients are granted 30-day leases and all addresses in each subnetwork, except the excluded addresses, are available to the DHCP server for assigning to clients. Table 5 lists the IP addresses for the devices in three DHCP address pools.
Page 146
15/12/2002
Building Intelligent Networks Table 5: DHCP Address Pool Devices
Pool 0 (Network 172.16.0.0) Device Default routers DNS server IP Address -
Pool 1 (Subnetwork 172.16.1.0) Device Default routers IP Address 172.16.1.100 172.16.1.101
Pool 2 (Subnetwork 172.16.2.0) Device Default routers IP Address 172.16.2.100 172.16.2.101
172.16.1.102 172.16.2.102 172.16.1.103 172.16.2.103 h-node
NetBIOS name server
NetBIOS node type
ip dhcp database ftp://user:password@172.16.4.253/router-dhcp write-delay 120 ip dhcp excluded-address 172.16.1.100 172.16.1.103 ip dhcp excluded-address 172.16.2.100 172.16.2.103 ! ip dhcp pool 0 network 172.16.0.0 /16 domain-name cisco.com dns-server 172.16.1.102 172.16.2.102 netbios-name-server 172.16.1.103 172.16.2.103 netbios-node-type h-node ! ip dhcp pool 1 network 172.16.1.0 /24 default-router 172.16.1.100 172.16.1.101
Page 147
15/12/2002
lease 30 ! ip dhcp pool 2 network 172.16.2.0 /24 default-router 172.16.2.100 172.16.2.101 lease 30 Manual Bindings Configuration Example The following example creates a manual binding for a client named Mars.cisco.com. The MAC address of the client is 02c7.f800.0422 and the IP address of the client is 172.16.2.254. ip dhcp pool Mars host 172.16.2.254 hardware-address 02c7.f800.0422 ieee802 client-name Mars Because attributes are inherited, the previous configuration is equivalent to the following: ip dhcp pool Mars host 172.16.2.254 mask 255.255.255.0 hardware-address 02c7.f800.0422 ieee802 client-name Mars default-router 172.16.2.100 172.16.2.101 domain-name cisco.com dns-server 172.16.1.102 172.16.2.102 netbios-name-server 172.16.1.103 172.16.2.103 netbios-node-type h-node
Page 148
15/12/2002

IITCase Study

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

IITCase Study

Hochgeladen von

Copyright:

Verfügbare Formate

Building Intelligent Networks

Dedicated to the Service of the Nation

HCL COMNET LIMITED HCL COMNET LIMITED

Building Intelligent Networks

Revision History: Revision Number 1.0 Date 27/12/2002 Changes -

Building Intelligent Networks

Building Intelligent Networks

Building Intelligent Networks

Building Intelligent Networks

Building Intelligent Networks

Building Intelligent Networks

Building Intelligent Networks

Building Intelligent Networks

TEST BED SET-UP

3/2 (10.200.2.1) Distribution Switch 6509

3/2 (10.200.5.2) Distribution Switch 6509

Building Intelligent Networks

10. IIT Kharagpur CAMPUS NETWORK SCHEMATIC

Ed g e Sw it ch De pa rt me nt M a jo r De pa rt me n t s Dist rib ut io n Sw it ch 2 M b ps VS NL Link C is co 2 9 4 8 - L3 VS N L R o u t e r C isco 5 5 0 9

De pt. Dis trib u t io n S w it che s

C OR E 1 E d g e S w itch D e p a rtme n t C OR E 3 C isco P IX w it h F a ilo v e r

To t a l 1 4 H o st e l Dis t rib ut ion Sw it ch

11. CENTRAL NETWORK ROOM SCHEMATIC

CS E , L ib ra r y , M e c h a n ic a l, Che m ic a l, E le c t r ic a l w he r e Ca t - 294 8 h a s be e n ins t a lle d V s nl L in k C is c o - 5 5 09

F. E 4/ 0/ 0 Ho s t e l C O R E - 1 650 9 Ho s t e l C O R E - 2 650 9 D is t rib ut io n 6 50 6 Ot h e r De p a r t me n t s T ha ic o m Ga t e w a y Ro ut e r - 7 50 7

Building Intelligent Networks

12. NETWORK SCHEMATIC Of SOME DEPARTMENTS

TDM Lab 16 Port HUB 6 Core SMF towards TDM Lab

Co mputer Contro l La b Cat 2948 L3 Switch 10.9.1.2

Energy Lab, Gnd Floor 12 Port Hub

SA I Lab Cat 1924 Switch 10.9.3.1

Po wer Syste m La b Cat 1924 Switch 10.9.2.1

Po wer Syste m La b 8 Port HUB

Building Intelligent Networks

A UI/ FL Cat 19 24 S w itch (10. 19. 5.1) Structural Lab

Con nected fro m Cry oge n ic

10 Core SMF fro m CIC

ARCHITECHTURE & SMT

SMT Mult ime d ia La b 1st Floor

Access VLA N 1 8 from CIC Dis tribution 4/15 F 0/23

6 Core SMF towards CET

G 0/1 Co mputer Ro o m Ground Floor FMT

Cat-2924 MXL (10.27.1.2)

Access VLA N 4 0 from CIC Dis tribution 4/14 G 0/1

Cat-2924 MXL (10.54.1.1)

8 Port HUB Library Roo m Ground Floor A RCHITECTURE

Building Intelligent Networks

12 Core SMF from CIC

CRF & NAVAL

F 0/23 6 Core SMF towards Nava l

Trunk- VLA N 11 CIC Dist. 4/10 G 0/1

UP- Link Crossover UTP Cable

A cce s s V LA N 1 6 fr o m C IC D is t . 4/ 8 G 1/ 1 MC UT P - FO Ca t 29 24 M X L (10. 32. 1.2)

Building Intelligent Networks

IEM & VGSOM

IEM G nd Floor C om pute r La b

Board Roo m 2 nd Floor Cat 19 24 S w it ch (10. 43. 3.1)

Dea ns Roo m 1 s t Floor Cat 19 24 S w itch (10. 43. 2.1)

Ca t 19 24 S w it ch (10. 29. 2.1) 8 Port HUB Prof. D. Chate r jee 2 nd Floor

IEM Gn d Floor Wor ks tat ion Lab

8 Port HUB Res earch Sc ho la r La b 1 s t Floor

Cat 19 24 S w itch (10. 29. 3.1)

CRYOGENIC & Foundation Engg.(CIVIL)